![]() The fact that Apple isn't complicit in law enforcement's use of Elcomsoft's for surveillance doesn't make the tool any less dangerous, argues Matt Blaze, a computer science professor at the University of Pennsylvania and frequent critic of government spying methods. "Apple could take steps to close that off, and I think they should." it really opens up a vulnerability in terms of allowing all of these different companies to continue to interface with your system," he says. "When you have third parties masquerading as hardware. But Zdziarski argues that Apple could still have done more to make that reverse engineering more difficult or impossible. The Russian company's tool, as Zdziarski describes it, doesn't depend on any "backdoor" agreement with Apple and instead required Elcomsoft to fully reverse engineer Apple's protocol for communicating between iCloud and its iOS devices. ![]() Apple didn’t immediately respond to WIRED’s request for further comment, though it says it's still investigating the hack and working with law enforcement.įor Apple, the use of government forensic tools by criminal hackers raises questions about how cooperative it may be with Elcomsoft. But Anon-IB users continued to discuss stealing data with iBrute in combination with EPPB on the forum Tuesday, suggesting that the fix has yet to be applied to all users, or that stolen credentials are still being used with Elcomsoft’s program to siphon new data. “The end of fun, Apple have just patched,” he wrote on Github. On Monday, iBrute creator Troshichev noted that Apple had released an update for Find My iPhone designed to fix the flaw exploited by iBrute. “Data can be accessed without the consent of knowledge of the device owner, making Elcomsoft Phone Password Breaker an ideal solution for law enforcement and intelligence organizations.”Įlcomsoft didn’t respond to a request for comment. “All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID.accompanied with the corresponding password,” the company’s website reads. And the software’s marketing language sounds practically tailor-made for Anon-IB's rippers. It costs as much as $399, but bootleg copies are freely available on bittorrent sites. Software from elcomsoft does this."Įlcomsoft’s program doesn't require proof of law enforcement or other government credentials. I simply copy data from the iCloud using the user name and password that I am given. For all I know they own the iCloud," cloudprivates writes. This way I just provide a service to someone that wants the data off the iCloud. "Dunno about others but I am too lazy to look for accounts to hack. One of Anon-IB's rippers who uses the handle cloudprivates wrote in an email to WIRED that he or she doesn't consider downloading files from an iCloud backup "hacking" if it's done on behalf of another user who supplies a username and password. “Use the script to hack her e eppb to download the backup,” wrote one anonymous user on Anon-IB explaining the process to a less-experienced hacker. And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB’s forum. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups. But one step in the hackers’ sext-stealing playbook has been ignored-a piece of software designed to let cops and spies siphon data from iPhones, but is instead being used by pervy criminals themselves. As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who stole the images to a researcher who released a tool used to crack victims' iCloud passwords to Apple, whose security flaws may have made that cracking exploit possible in the first place.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |