
Hackers Are Already Preparing New Attacks On iCloud

Oct 1, 2014, 21:14 IST


Soon after the iCloud celebrity photo leak, Apple unveiled a new security system designed to protect users from hackers who gain access to accounts by exploiting the company's password recovery system and downloading your backup files.


But hackers have already found ways around this improved security, and they have returned to a public forum to continue sharing them.

Apple hasn't overhauled the iForgot password system, which can still be used by hackers to download your iPhone photographs stored on iCloud. Instead, Tim Cook announced that Apple will now send notifications when someone tries to change an account password, access iCloud backups, or when someone logs into an account from a new device for the first time.

Here's one of the emails that Apple sends out to users to let them know that someone has logged into their iCloud account:


There is a small number of iCloud hackers still posting on the porn forum "AnonIB," the site where the celebrity photo leaks first emerged. They note that the only real change that Apple made was expanding the notification system to cover iCloud backups. Apple claims that this alerts users quickly if hackers are in their account, but it doesn't prevent iCloud hackers gaining access.

Most of the people targeted by iCloud hackers are young females, often in their teenage years. They're unlikely to regularly check their emails (teens don't check email the way adults do), and so Apple's tactic of notifying people as soon as possible when an account is accessed is not as effective in this demographic. iCloud hackers may have gained access to an account using weak security questions and downloaded an encrypted backup file before the target even realizes that anything has happened.

But what if a hacker wants to hack an iCloud account without notifying the target? iCloud hackers have found a way to do that, too. They suggest entering the target's email account before attempting to hack the iCloud account. Since most targets are teenage girls who don't check their email often, the premise is that their passwords will be easy to guess ("password" is frequently found to be one of the most commonly used passwords). Once inside the email inbox, hackers mark emails from Apple as spam, which they claim sends Apple's new iCloud security notifications straight to spam also.

For iCloud hackers, Apple's new security only means that their targets have an extra email in their inbox. Some posters on AnonIB report that there's even a delay in the emails that they can use to quickly raid the account for photos.

Once iCloud hackers have gained access to an account, they then set about decrypting the iCloud backup file and searching it for photos. As Business Insider reported last month, hackers use expensive specialist software intended for law enforcement to download and access iCloud backup files.

And now there's a new tool that hackers are using to steal photos from women on the internet. iLoot is an open-source and completely free tool developed by security researcher Alexey Troshichev, who is known for discovering a bug in the Find My iPhone software. Troshichev's company, Hack App, released a tool, iBrute, to exploit the flaw shortly before the celebrity photo leaks. (That led to multiple reports falsely claiming that his discovery was used to hack celebrities.)

iLoot is publicly available on GitHub, unlike previous programs used by hackers, which were sold online. Since its release in September, hackers have been turning to iLoot to help them break into iCloud accounts. iLoot is a "command line interface" tool, meaning that it is operated by typing in text commands.

Here's what the tool looks like when in use:

Hack App's GitHub page says the tool should not be used on copyrighted material. And the iLoot program's page on GitHub includes a warning not to use the software to hack into accounts: "This tool is for educational purposes only. Before you start, make sure it's not illegal in your country."
