Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How were the iCloud accounts then attacked if they didn't have physical access to the device?

The passcode is “tangled” with the device’s UID, so brute-force attempts must be per-formed on the device under attack

Even with the password you need the device, which they didn't.



I think a lot of it was social engineering and bad passwords. If you are using multiple services and one is compromised you can pretty much give up access to everything if you use the same password all around.


Guesses based on known properties of the (well-known, high-exposure) targets.


You can restore from iCloud backup to any device (which is presumably how elcomsoft software works). The only thing that you need original device for is the keychain, but I am not sure if this has changed since keychain in the cloud


Social engineering was used to get the answers to the users security questions.


I think the "Cloud" may have been involved.


iCloud backups aren't encrypted with the same key as on device storage.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: