Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

How easy is it to crack into an Apple iCloud account? We tried to find out
The Guardian ^ | September 3, 2014 | Paul Farrell and Nick Evershed

Posted on 09/03/2014 11:51:20 PM PDT by Swordmaker

After the nude celebrity pictures leak, two Guardian Australia journalists try to break into each other’s iCloud accounts

Accessing someone’s Apple account requires only three things: their email address, their date of birth, and the answers to two out of three security questions. This is assuming they don’t have two-step verification enabled.

If you have all these, you’re able to reset their Apple ID password to one that only you know and then access their iTunes and iCloud accounts. You don’t require access to their email. Once you have access to their Apple ID, you can access recent photos and back-ups if they have these features enabled.

While we don’t know the exact method people used to access celebrities’ accounts, Apple did release a statement which appears to confirm that a method similar to that described above was used.

The main issue with this setup is that if you’re a celebrity, or are someone who has been using social media for a long time and revealed various details about your life, then the answers to the security questions could be available online. Here are a few of the 21 security questions you can choose:

The Guardian has seen forum threads where people have allegedly used the methods above to access people’s iCloud back-ups to obtain photos.

To see how difficult it is to crack someone’s account, we’re going to try and access each other’s accounts and see how far we get.

(Excerpt) Read more at theguardian.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: icloud
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081 next last
To: Swordmaker

Read, The Art of Deception, by noted hacker Kevin Mitnik if you want to understand how powerful social engineering is.

The problem is that the more you know about a person, the easier it is to hack them. In many ways celebrities are like close friends, you know or can learn almost everything about them. You know their first pet, where they went to school, their first job, mother’s maiden name. It’s a piece of cake if you have no morals or ethical standards.


61 posted on 09/06/2014 11:06:42 PM PDT by MediaMole
[ Post Reply | Private Reply | To 8 | View Replies]

To: Swordmaker

Despite the fanboi flamewar from both sides, the moral to this story should be:

Don’t ever put anything compromising online. ever. EVER. What’s the old adage? something about ‘what you might say on a postcard’?

This sh*t will never change...


62 posted on 09/07/2014 12:09:29 AM PDT by roamer_1 (Globalism is just socialism in a business suit.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Leonard210; TheBattman; Drago
Google your banks, big boy, and then call customer service, because while you claim none of them use 2FA, most of them would call you a liar. Maybe you have to activate it yourself, just like you did to protect your “NSYNC Gold” collection.

You strongly imply that I lied about my banks that support two factor security. . . and then state that you look this up by Googling it. You are the liar, Loonard. I stand by my statement. To put my accounts into a bank that uses two-factor authentication for account access I would be limited to just four of the banks listed:

Those are the only Banks on your list that offer Two-Factor authentication for on-line logon account security. I think you've been dissembling, if not out-right lying. You're at least completely misrepresenting the facts. Again.

My Bank of America accounts do have limited Two-Factor for on-line transactions, which I use. . . but not for gaining account access, which is exactly what I told you. None of my other banks even offer it. BofA, Wells Fargo, and Bank of the West use hardware Tokens, as does Apple, to identify the specific device from which you are making your connection. . . and if it is not one from which you have previously made a connection, you must answer security questions to proceed. Again, what I told you. Accurate information.

The BANKS are satisfied with the levels of security they are providing. Since it is THEY that are defrauded if my accounts are compromised and they allow someone to pillage my money, as they guarantee to make me whole when that happens, then who are YOU to criticize what they offer?

I assume that Tommy believes that nothing qualifies as 2FA unless it is precisely the form used by Apple. I’ll leave the definition of “classic” 2FA to you. Basic 2FA is simply something you know and something you have. While banks are under represented, that does not mean that they are not secure.

While Tommy was all 2FA for his music collection, he wasn’t interested in it for his bank. . .

. . . I do not trust Tommy with Apple facts. He prefers authoritative half-truths as I have documented in the past. In matters of financial security I would never suggest that anyone trust his “facts”.

Who the hell are you referring to as "Tommy," you ass. I have a Freep name, use it. This denigration of me by assigning alternate name is childish and pathetic.

The only person in these threads who behaves as a sociopath is you. I have said nothing about a non-existent "music collection, Loonard. You have "documented" nothing! Your anti-Apple derangement and your current Swordmaker animus are severe, Loonard. Your "facts" are seldom actually factual, and always easily refutable. Quit stalking me and making innuendos about my honesty and character. You desperately need help.

You misrepresent, then dance around, claiming other things are the same thing. How are you doing on proving Apple owns those factories in China, as you vehemently and idiotically claimed for months on end, despite all documented evidence to the contrary?

63 posted on 09/07/2014 3:51:23 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 59 | View Replies]

To: Swordmaker

As I expected, Apple’s implementation of 2FA is more secure than your bank, even though you’re satisfied with the security provided by your bank, or banks, as you have so many...none of which has 2FA as impenetrable as Apple but you trust them to manage your money but not your record collection. Brilliant!


64 posted on 09/07/2014 5:09:29 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 63 | View Replies]

To: Swordmaker

“How are you doing on proving Apple owns those factories in China...”

Apple factories in China spring up spontaneously without any input from Apple Inc., that’s what you were selling then, and after 2 months of additional research that has covered hundreds of articles, thousands of pages of corporate reports and contact with some of the writers and researchers associated with articles that you quoted and often misrepresented I have concluded that you’re a delusional Apple troll who attempts to pass off fake facts that even Apple wouldn’t dare repeat.


65 posted on 09/07/2014 5:17:55 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 63 | View Replies]

To: Leonard210; TheBattman; Drago
Loonard's conclusions: Apple owns the factories in China.

His "evidence" was repeated, continual linking to an interview with Steve Jobs where Steve said Apple was essentially looking into the suicides among workers in their supply chain. Loonard claimed that was proof that Apple owned the factories.

And he tatally misrepresents what I told him about the companies that manufacture items for Apple. . . every fact of which was truthful and backed up by linked facts.

As I said. Delusional. It's Loonard's middle name. His facts there are the same as those in the banking security.

66 posted on 09/07/2014 9:44:56 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 65 | View Replies]

To: Swordmaker

Half-truths, as usual, Tommy. I’ll pick this topic up again, possibly serialized, but we are looking into simply publishing the results.

Your mindless recitation of Apple talking points has been invaluable. I never expected, however, that you’d exaggerate, fabricate, and dissemble so effortlessly. You are a valuable resource indeed. Thank you.


67 posted on 09/07/2014 11:21:25 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 66 | View Replies]

To: TheBattman; Drago

As I said. Deluded. Loonard is having a conversation with an imaginary person named Tommy.


68 posted on 09/07/2014 11:41:27 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 67 | View Replies]

To: Swordmaker

“You strongly imply that I lied about my banks that support two factor security. . . and then state that you look this up by Googling it. You are the liar, Loonard. I stand by my statement. To put my accounts into a bank that uses two-factor authentication for account access I would be limited to just four of the banks listed...”

You insist that the only secure form of 2FA is the one used by Apple for account access. No surprise there. But then you listed 6 banks by name. I have no idea what your banks offer or do not offer in the way of 2FA but I do know that you’re a master of the authoritative half-truth, so I did some simple research that turned up statements about Bank of America like this:

“Log into your Bank of America account...You’ll then see a red button at the center of the page that reads “Add SafePass.” Click it and you can add one or more numbers for verification, and select whether you want SafePass to kick in only during significant financial transactions, or for every bank login.” (1)

Someone thinks that Bank of America offers 2FA (or SafePass) for transactions as well as logins. You say they don’t, but you have a problem with the definition of the word “fact,” so I’m more apt to believe Nathan at the WSJ.

(1) Safety First! How to Sign Up for Two-Step Verification on 11 Top Online Services
http://blogs.wsj.com/personal-technology/2014/04/11/safety-first-how-to-sign-up-for-two-step-verification-on-11-top-online-services/


69 posted on 09/08/2014 10:28:38 AM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 66 | View Replies]

To: Leonard210; Drago; TheBattman
You insist that the only secure form of 2FA is the one used by Apple for account access. No surprise there. But then you listed 6 banks by name. I have no idea what your banks offer or do not offer in the way of 2FA but I do know that you’re a master of the authoritative half-truth, so I did some simple research that turned up statements about Bank of America like this:

No, Loonard, I have never "insisted" that the "only secure form of 2FA is the one used by Apple." That is a construct of your deluded mind and failure to comprehend what I wrote.

I always take advantage of the highest level of security offered by whatever service I use, whatever that is. For example, I told you I use SafePass on my Bank of America accounts with all options turned on. When I activated that, it covered movement of funds only. Apparently their IT department is now adding account access. Right now, BofA does allow access to my financial records using only a username and password. . . without a second factor. I just tried it again. . . and for my accounts there is no login offered for second factor. That's listed as "coming soon," for my accounts, and I will be "notified when it will be activated." Why do you think your 2FA link doesn't list that as being available? I think it probably is being rolled out now. Security is always being updated and improved. Good. When it's activated, I'll use it. I suspect it may not be activated in all areas or for all accounts yet.

Why would I lie about this? It is not in my interest to do so. Your own link showed that as of the date it was compiled, except for four obscure banks, the chart agreed with MY statement that most banks allowed software access to accounts without two-factor authentication. QED.

Give it a rest, Loonard.

70 posted on 09/08/2014 11:59:07 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 69 | View Replies]

To: Leonard210; Drago; TheBattman
Someone thinks that Bank of America offers 2FA (or SafePass) for transactions as well as logins. You say they don’t, but you have a problem with the definition of the word “fact,” so I’m more apt to believe Nathan at the WSJ.

By-the-way, your link to the Wall Street Journal article also has Wells Fargo Bank listed, so I decided to recheck their 2FA security offerings. . . which I've had turned on for years. Incidentally, I just transferred several thousand dollars this morning and got NO notice on any of my devices from Wells Fargo. . . but, then, they've never notified me except when I've told the ATM I wanted my receipt emailed to me. In any case, here is what THEY use 2FA security notifications (actually, it is not, it's merely "alert notifications") for, from the Wells Fargo "setting security alerts" WEBPAGE that links from the page pictured on the WSJ for setting phone numbers:

That's it. Not even, "Oops, you're over drawn."

Yet Nathan and the WSJ had THEM listed. Good useful article you're believing there, Loonard.

I just called my Wells Fargo Personal Banker and inquired. She said they will use the Second-Factor Authentication requirement if their fraud prevention department thinks a transaction on my account is suspicious. Only then will they text my phone with a message and a six digit code to retext to unlock my account to continue or complete the transaction that may be blocked. Second factor is not used to block access to my data. . . But if someone using that access were to change my password or contact phone numbers, I'd get a message email about such change. Whoopee.

71 posted on 09/08/2014 12:53:38 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 69 | View Replies]

Comment #72 Removed by Moderator

Comment #73 Removed by Moderator

To: Swordmaker

“Apparently their IT department is now adding account access. Right now, BofA does allow access to my financial records using only a username and password. . . without a second factor. I just tried it again. . . and for my accounts there is no login offered for second factor. That’s listed as “coming soon,” for my accounts, and I will be “notified when it will be activated.”

So they DO offer 2FA for your accounts NOW and “for you” they are ADDING 2FA for your login. So you’re wrong about Bank of America not providing login 2FA and you’re trying to generate FUD about Bank America and the other banks you listed even though Bank of America is adding what you yelled that NONE of them offered. You’re right, it’s all my fault.


74 posted on 09/08/2014 8:05:19 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | View Replies]

To: Leonard210

GIVE IT A REST!!!!


75 posted on 09/08/2014 8:07:42 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 74 | View Replies]

To: Swordmaker

You pulled banks into this debate and I simply did some cursory checks on one, just one, of the banks you mentioned. Bank of America, now, according to you, does offer 2FA. They not only offer 2FA now, but according to you they are adding the specific form of 2FA that you said they did not offer.

Instead of admitting that you may have jumped the gun, you blamed me and now you want to scream it to an end. Well done, Apple master, well done.


76 posted on 09/08/2014 9:06:32 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 75 | View Replies]

To: Leonard210; Drago; TheBattman
You pulled banks into this debate and I simply did some cursory checks on one, just one, of the banks you mentioned. Bank of America, now, according to you, does offer 2FA. They not only offer 2FA now, but according to you they are adding the specific form of 2FA that you said they did not offer.

Read what I wrote. Not what you wish I wrote, Loonard. Now, stop writing to me.

77 posted on 09/08/2014 9:21:30 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 76 | View Replies]

To: Leonard210; Drago; TheBattman
No, Loonard, that's another misrepresentation on your part. . . your signature stock in trade.

I suggest you refer to your Reply 42 to me, in which you taunted me about your bank not asking you whether you wanted Two-Factor authentication for account login. . . which you later retracted.

Now, I am finished talking with you.

78 posted on 09/08/2014 9:34:05 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 76 | View Replies]

To: Swordmaker

“your Reply 42 to me”

Which was my reply to Battman. You can’t even tell the truth on a simple link.

I never asked you to list your banks. You volunteered. I mocked your insistence that Apple had better security than your banks yet you were completely satisfied with the forms of security that your banks offer.

It was only then that I began to look at your claims. And I’ve barely started. Shame on me.


79 posted on 09/08/2014 9:57:40 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 78 | View Replies]

To: Swordmaker

“Read what I wrote. Not what you wish I wrote, Loonard. Now, stop writing to me.”

Swordmaker: “My Bank of America accounts do have limited Two-Factor for on-line transactions, which I use. . . but not for gaining account access...”

Swordmaker: “I told you I use SafePass on my Bank of America accounts with all options turned on. When I activated that, it covered movement of funds only. Apparently their IT department is now adding account access.”

As usual, you’re quick to call me a liar for accurately representing your readily available quotes. If I’m misreading you it’s because you’re obfuscating.


80 posted on 09/08/2014 10:11:05 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 77 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson