The so-called two-factor authentication provides additional security for user accounts, internet services. With this authentication for logon is requested not only a user name and password, but also additional information such as unique verification codes, which can be activated in the settings of the various accounts of online sites and receive a variety of ways, including via SMS on a mobile phone.
In spite of the introduction of two-factor authentication (a unique code sent to a physical device to confirm the operation) by Apple in its services, experts say that iCloud users can not always use this function. In the two-factor authentication iCloud reserved only signing in My Apple ID, purchases made in iTunes, App Store and iBookstore, gaining support from Apple. If the user wants to expand on the new device backup data with iCloud backup, then the extra code is not requested. And the attackers take advantage of this, experts say. Immediately after you get your account using Apple’s software Elcomsoft Phone Password Breaker, they can export photos and other personal data. But even if the user does not have data stored in the cloud iCloud, attackers can also get access to the stream of photos Photo Stream, which is also not protected by two-factor authentication.
It is interesting that Apple itself has long been aware of this situation. Our compatriot Vladimir Katalov (employee Elcomsoft) in the last year at a security conference Hack In The Box reported shortcomings protocol iCloud. But Apple has not made a change. On the question of our colleagues on plans to expand the two-factor authentication for all services iCloud company did not respond.
Recall the other day there was a message about the vulnerability when iCloud, which could result in the release of personal photos of celebrities.
Source:
No comments:
Post a Comment