Thanks for choosing OC Cloud9!

949-699-6619 | 9am – 6pm Monday – Friday : Saturday by Appointment

  • Client Login
    • Outlook Web App
    • Cloud Apps and Desktops
    • Remote Support
OC Cloud9
  • About Us
    • Careers
  • Cloud Services
    • Cloud Software
      • Cloud9 Software QuickBooks Solution
    • Cloud Mail
    • Cloud Collaborate
    • Database Cloud Services
    • Cloud Web Hosting
  • Solutions
    • For Designers – Accelerated
    • For Businesses – Complete
    • For Individuals – Professional
    • HIPAA Compliant Cloud Services
      • Cloud9 HIPAA Email Encryption and Data Loss Prevention
    • For Students – College VDI
  • Support
    • Cloud Support
    • Learning Center
    • Standards & Compliance
    • News & Articles
  • Contact Us
Get Started
  • About Us
    • Careers
  • Cloud Services
    • Cloud Software
      • Cloud9 Software QuickBooks Solution
    • Cloud Mail
    • Cloud Collaborate
    • Database Cloud Services
    • Cloud Web Hosting
  • Solutions
    • For Designers – Accelerated
    • For Businesses – Complete
    • For Individuals – Professional
    • HIPAA Compliant Cloud Services
      • Cloud9 HIPAA Email Encryption and Data Loss Prevention
    • For Students – College VDI
  • Support
    • Cloud Support
    • Learning Center
    • Standards & Compliance
    • News & Articles
  • Contact Us

Apple iCloud Security Breach

OC Cloud9 > News & Articles > Uncategorized > Apple iCloud Security Breach

Apple iCloud Security Breach

Sep 24, 2014DeborahUncategorized

Apple’s iCloud facility, which stores iPhone and iPad users’ photos and personal data, has a “fundamental security flaw”, an expert has warned.

Apple’s iCloud security is under scrutiny after intimate images of celebrities were stolen and leaked.

It has emerged that a iCloud security measure called two-step verification, which is recommended by Apple, can be bypassed using easily available software that allows access to iCloud back-ups.

The program still requires hackers to know the user’s email address and password, and there is no clear evidence that it was used in the recent breaches.

Two-step verification – which requires a user to type in a short code sent by Apple to their phone or tablet in order to access their account – is supposed to offer an extra level of protection.

On Tuesday, Apple suggested its customers “always use a strong password and enable two-step verification” after it acknowledged that some of its accounts had been compromised by a “very targeted attack”.

But one expert said Apple had given people “a false sense of security”.

Technology magazine Wired first reported that software from a Russian firm, ElcomSoft, was being mentioned on a hackers discussion group as a useful tool for infiltrating iCloud accounts.

The program, marketed to law enforcement agencies, claims to offer access to iCloud content without the operator needing to be in possession of the iPhone or iPad concerned.

It uses a system devised by Moscow-based computer programmer Vladimir Katalov, which downloads copies of iCloud data.

It is not known whether the facility was utilised by those who stole naked images of Jennifer Lawrence and others.

But Mr Katalov told the BBC that, although he could not be “100% sure”, he believed the software was used in the recent celebrity hacks, as ElcomSoft’s program is “the only one able to do that”.

He added that while his company “didn’t like it much” when the software was used for illegal purposes, it had sold the system to individuals, as well as authorities.

Security expert Mikko Hypponen told the BBC the issue lay in the design of Apple’s two-step verification system, which he believed was “implemented only to protect your credit card”.

“It doesn’t require two-factor authentication when you just want to access the photo roll, or if you want to restore the back-up,” he said.

Using ElcomSoft’s program, he added: “I can use my computer to extract files from your online back-up – something you can’t do yourself”.

Indeed, Apple’s own page on two-step verification explains that it protects:

  • The My Apple ID webpage, where users can manage their iCloud account
  • App Store, iTunes or iBooks Store purchases from a new device
  • Getting Apple ID-related support

It does not mention any protection for photos, contacts or calendar entries, which are all backed up to iCloud.

Apple iCloud Security
occ9-logo

 

OC Cloud 9  recommends implementing two step verification and having a different secure password for every site you access. Secure Passwords should be at least eight characters long and have a mixture of uppercase, lowercase, numbers, and special terms like !@#.  If you feel that your system or network may be at risk, or the security of your systems have been compromised, contact the Cyber Security Experts at OC Cloud 9 so we can help you protect your data. Call the Cloud Security Experts at (949) 699-6619 or visit us online at OCCloud9.com. We are happy to help.

 

Information originally obtained from BBC’s Joe Miller. View Joe Miller’s story here.

Written by Deborah

Deborah is the Director of Network Operations at OC Cloud 9. She oversees the daily Operations of the company. She has been working with Orange County Computer, Inc., the parent company of OC Cloud9, Inc., since 2003. Prior to working in the IT Industry, her area of expertise was in regulatory compliance in the Healthcare Industry working with state and federal regulatory agencies. She acts as our interpreter regarding all HIPAA Privacy and Security Rules. Deborah's office mantra is "Keep the client happy" and she will act as the liaison between a client request and a technical barrier to resolving as issue. She is happy to help. In her spare time, you might find her paddle boarding in the ocean or skiing in the mountains.

You might also like

  • Distinguishing Between Public, Hybrid, & Private Cloud Solutions
  • Protecting Your Medical Practice With Our HIPAA Compliant Cloud Solutions
  • How to Improve Network Security in Healthcare Practices
  • Why is virtualization and the cloud so important?
  • Coronavirus and Working Remotely in the Cloud
  • What is better than Cloud Computing?
  • Cloud Computing vs Virtualization: The Differences and Why They Matter to You
  • When Disaster Strikes…How will you protect your business?
  • Quest Diagnostics Data Breach
  • Windows Server 2008 End of Support: What That Means to You and Your Business
  • Cloud Solutions and Disaster Prevention…How will you protect your business?
  • Cloud Resellers vs. true Cloud Service Providers
← Annual Shop and Dine Lake Forest 2014
Customers Scramble as Cloud Services Provider Goes Out of Business →

Search

Categories

  • Blog
  • Cloud Learning Center
  • Education
  • Inside OC Cloud 9
  • Remote Workforce
  • Uncategorized

Sign Up To Receive Our Newsletter

    26150 Enterprise Way, Suite 400
    Lake Forest, CA 92630

    949-699-6619

    ADA Accessibility Statement

    Sign Up To Receive Our Newsletter