Apple is separating the new smartphones into its usual low-cost versus high-cost categories, with big differences between the two models coming down to the camera, display, and battery life.
iOS 13 & watchOS 6 Now Available
ElcomSoft's Latest Tool Can Allegedly Access iMessages in iCloud, But Only in Extreme Circumstances
Russian company ElcomSoft today claimed that the latest version of its Phone Breaker software can remotely access iMessage conversation histories stored in iCloud, although there are several strings attached.
Namely, the person attempting to extract iMessages from an iCloud account would need the following before being able to do so:
Apple obviously cares very deeply about the security of its customers, but if a bad actor has gained access to another person's Apple ID credentials, your passcode, and at least one of your Apple devices, or your SIM card, there arguably isn't really much the company can do at that point to protect you.
That's why it's so important, as Apple routinely stresses, to set a strong password for your Apple ID, not share that password with others, enable two-factor authentication, and keep careful possession of your devices. It also helps to set a strong alphanumeric passcode on an iOS device, rather than a four-digit one.
Apple says iMessages are protected with end-to-end encryption, and notes that messages can't be accessed by anyone without your device passcode. As an additional safeguard, Apple requires that users have two-factor authentication turned on for their Apple ID accounts to enable Messages in iCloud.
ElcomSoft's tool seems to be taking advantage of the fact that, if iCloud Backups are turned on, a copy of the encryption key protecting iMessages is included in the backup, according to a support document on Apple's website:
Namely, the person attempting to extract iMessages from an iCloud account would need the following before being able to do so:
- Elcomsoft Phone Breaker version 8.3
- The associated Apple ID email and password for the iCloud account
- The passcode, if an iPhone, iPad, or iPod touch, or system password, if a Mac, of at least one device on the account enrolled in Messages in iCloud, which requires iOS 11.4 and macOS 10.13.5 or later
- Access to a two-factor authentication method, such as a trusted secondary device, which may or may not have the same passcode or system password, or a SIM card for a phone number that has been authorized to receive one-time verification codes via SMS
Apple obviously cares very deeply about the security of its customers, but if a bad actor has gained access to another person's Apple ID credentials, your passcode, and at least one of your Apple devices, or your SIM card, there arguably isn't really much the company can do at that point to protect you.
That's why it's so important, as Apple routinely stresses, to set a strong password for your Apple ID, not share that password with others, enable two-factor authentication, and keep careful possession of your devices. It also helps to set a strong alphanumeric passcode on an iOS device, rather than a four-digit one.
Apple says iMessages are protected with end-to-end encryption, and notes that messages can't be accessed by anyone without your device passcode. As an additional safeguard, Apple requires that users have two-factor authentication turned on for their Apple ID accounts to enable Messages in iCloud.
ElcomSoft's tool seems to be taking advantage of the fact that, if iCloud Backups are turned on, a copy of the encryption key protecting iMessages is included in the backup, according to a support document on Apple's website:
If you have iCloud Backup turned on, a copy of the key protecting your Messages is included in your backup. This ensures you can recover your Messages if you’ve lost access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and it is not stored by Apple.Given the extenuating circumstances required, the vast majority of users shouldn't have anything to worry about. But it's a good reminder to maintain strong security practices on all of your devices to stay safe.
[ 69 comments ]
Top Rated Comments
(View all)
17 months ago
So they can access your data if they have access to your data...? Sounds like that to me.
17 months ago
BREAKING NEWS: If someone gets your Apple ID, Password, Passcode, AND PHYSICAL ACCESS TO YOUR DEVICE, they may be able to get your info! You HAVE BEEN WARNED.
Lmao
Lmao
17 months ago
HEY YOU KNOW WHAT I found a security hole in my bank's ATMs, if someone has my card and PIN they can take out my cash!!! HOLY CRAP WHAT WILL WE DO NOW!??!
17 months ago
I've totally figured out how to access *anyone's* home! You'll need:
Their permission
Door key(s)
Alarm code(s)
Familiarity with their killer wiener dog, Bunz
Friendships with their neighbors as to not arouse suspicion
..and you are *totally* in!
Enjoy!
Their permission
Door key(s)
Alarm code(s)
Familiarity with their killer wiener dog, Bunz
Friendships with their neighbors as to not arouse suspicion
..and you are *totally* in!
Enjoy!
17 months ago
If an attacker has all that info, they can do a whole lot more than just access my messages...
17 months ago
Erm, so if I have a device, Apple ID the passcode/password and a second device for two-factor auth, I can log in to an iCloud account? NSS.
17 months ago
HEY YOU KNOW WHAT I found a security hole in my bank's ATMs, if someone has my card and PIN they can take out my cash!!! HOLY CRAP WHAT WILL WE DO NOW!??!
I've totally figured out how to access *anyone's* home! You'll need:
Their permission
Door key(s)
Alarm code(s)
Familiarity with their killer wiener dog, Bunz
Friendships with their neighbors as to not arouse suspicion
..and you are *totally* in!
Enjoy!
I came here hoping to see these sarcastic replies. I was not disappointed.
Yea, this whole article is garbage. I've seen mods on the forum delete more legitimate posts than this article.
[ Read All Comments ]
With the arrival of the iPhone 11, iPhone 11 Pro and iPhone 11 Pro Max, Apple has introduced an optional new camera feature in iOS 13 that's designed to allow you to correct the alignment of...
For this week's giveaway, we've teamed up with AnyTrans to offer MacRumors readers a chance to win one of Apple's new iPhone 11 Pro Max devices and a lifetime AnyTrans license.
For...
Due to Apple seeding the iOS 13.1 beta prior to the public release of iOS 13, upgrading to a new iPhone may be a bit trickier this year.
In a support document, Apple has provided instructions...
Apple today the golden master version of an upcoming tvOS 13 update to developers, one week after seeding the eleventh beta and more than three months after unveiling the tvOS 13 software at the...
Netflix CEO Reed Hastings recently discussed what he thinks about the upcoming launch of new rivals Apple TV+ and Disney+, as well as Netflix's plans to retain subscriber interest after their...
One of the new features set to officially launch in iOS 13.1 next week is "Audio Sharing," which lets you share the audio that you hear from your iPhone with another user.
While this...
Apple added an ECG app to the Apple Watch Series 4 last year, providing users in select territories the ability to measure the electrical activity of their heart. This ECG feature is now live for...
One of the more useful actions that 3D Touch makes possible is pressing an iPhone's onscreen keyboard to turn it into a virtual trackpad. If you 3D Touch, the keyboard turns blank and morphs into...
