Israeli company has cracked iCloud security, can get all user data

19. 7. 2019

Apple and its devices and services are often considered the equivalent of maximum security and privacy. After all, the company itself bases part of its marketing on these aspects. In general, it has been true for many years that hackers are always one step ahead, and this time is no different. The Israeli company NSO Group knows about this, having created a tool that allows you to retrieve all data from an iPhone, including those stored on iCloud.

It is the news about the iCloud security breach that is quite serious and raises concerns about whether Apple's platform is as secure as the company itself claims. However, NSO Group does not focus only on Apple and its iPhone or iCloud, it can also obtain data from Android phones and cloud storage of Google, Amazon or Microsoft. Basically, all devices on the market are potentially at risk, including the latest models of iPhones and Android smartphones.

The method of obtaining data works quite sophisticatedly. The connected tool first copies the authentication keys to the cloud services from the device and then passes them to the server. It then pretends to be a phone and is therefore able to download all the data stored in the cloud. The process is designed so that the server does not trigger two-step verification, and the user is not even sent an email notifying them of logging into their account. Subsequently, the tool installs malware on the phone, which is capable of obtaining data even after it is disconnected.

Attackers can get access to an abundance of private information in the manner described above. For example, they get a complete history of location data, an archive of all messages, all photos and much more.

However, NSO Group states that it has no plans to support hacking. The price of the tool is said to be in the millions of dollars and is offered mainly to government organizations, which are able to prevent terrorist attacks and investigate crimes thanks to it. However, the truth of this claim is quite debatable, because recently spyware with the same characteristics exploited bugs in WhatsApp and got into the phone of a London lawyer who was involved in legal disputes against the NSO Group.

source: Macrumors

Topics: hacker, WhatsApp, iCloud, MacRumors, storage, Microsoft, Email, Android, Google, Photos

Discussion of the article

N2by

19. 7. 2019 20:42

Then again, it's not so binding if someone has to get my phone first ;-). I'm not at all surprised that Apple doesn't recognize this when it has so many achievements in the phone.

Mirek

22. 7. 2019 9:13

It seems quite serious to me - the keys and all sensitive material should be in the "security enclave" - the fact that this place is untrustworthy indicates something ....

Your name

Your comment

By filling in the above data, I acknowledge that the company TEXT FACTORY s.r.o., registered office in Brno, Durďákova 336/29, Černá Pole, ZIP code: 613 00, ID number: 06157831, registered at the Regional Court in Brno, section C, insert 100399, will process my personal data provided in the registration form filled out by me on the basis of the legitimate interests of TEXT FACTORY s.r.o. according to Article 6 paragraph 1 letter f) GDPR and to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR), for the following purposes: the necessity to ensure the authorization of visitors to websites operated by TEXT FACTORY s.r.o. to actively contribute to published articles or within discussion forums and exercising the rights of TEXT FACTORY s.r.o. as the administrator of these discussion forums. More information about the processing of personal data and rights can be found in Lessons on personal data protection. the entire text

It could be interest you

Related