Category: News

Earlier today, Apple issued a press release stating that an iCloud/Find My iPhone breach had not been responsible for the leak of several private celebrity photos over the weekend, instead pointing towards a “very targeted attack on user names, passwords, and security questions” hackers used to gain access to celebrity accounts.

The company did not divulge specific details on how hackers accessed the iCloud accounts, leading Wired writer Andy Greenberg to investigate the methods that hackers might possibly have used to acquire the stolen media.

Greenberg visited Anon-IB, a popular anonymous image board where some of the celebrity photos first originated, and discovered that hackers openly discuss exploiting software designed for law enforcement and government officials. Called ElcomSoft Phone Password Breaker (EPPB), the software in question lets hackers enter a stolen username and password to obtain a victim’s full iPhone/iPad backup.

“Use the script to hack her passwd…use eppb to download the backup,” wrote one anonymous user on Anon-IB explaining the process to a less-experienced hacker. “Post your wins here ;-)”

Acquiring just a user name and password allows hackers access to content on iCloud.com, but with the accompaniment of the ElcomSoft software, a complete backup can reportedly be downloaded into easy-to-access folders filled with the device’s contents.

According to security researcher Jonathan Zdziarski, who spoke to Wired, metadata from some of the leaked photos is in line with the use of the ElcomSoft software and possibly the iBrute software, which exploited a vulnerability in Find My iPhone to allow hackers unlimited attempts to guess a password. Apple has, however, patched the exploit, and has suggested iBrute was not a factor in the attacks.

As noted by TechCrunch, using ElcomSoft’s software to download an iPhone’s backup successfully circumvents two-factor verification as the two-factor authentication system does not cover iCloud backups or Photo Stream.

Two-factor verification can make it much more difficult for hackers to acquire a user’s login credentials in the first place, preventing many attacks, but an iCloud backup can be installed with just a user name and a password.

The ElcomSoft software does not require any credentials to buy and while it costs $399, it is also available on bittorrent sites. The vulnerability in iCloud backups has been known for some time, with ElcomSoft’s own CEO pointing towards the lack of two-factor authentication for iCloud backups back in May of 2013.

Apple has explored expanding two-factor authentication to some iCloud services, but an official expansion of the security feature has not yet been introduced.

Thanks in large part to the release of two public betas in a program that was limited to one million signups, the forthcoming OS X 10.10 Yosemite is now running on approximately 2.6 million Macs, thought to be around 3.3 percent of the worldwide Mac us…

Selected AppleSeed public testers are being contacted by Apple via email and being offered the opportunity to download and test a new beta seed of iCloud for Windows, which was announced earlier this summer at Apple’s Worldwide Developers’ Conference. …

Nordstrom may be one of Apple’s first merchant partners when Apple launches its upcoming mobile payment initiative, reports Bank Innovation. Apple is said to be in talks with Nordstrom about its payments service, suggesting Nordstrom could be one of th…

Apple has launched a new “Product Integrity Inclusion and Diversity” scholarship, according to the company’s job listings page. The program is named after Apple’s Product Integrity group, and offers successful minority applicants up to $10,000 towards …

Given the opportunity to petition against the expansion of municipal broadband expansion in Chattanooga, TN and Wilson, NC, AT&T has taken the opportunity to remind the government of its role in the state of Internet connectivity in the US. In its filing with the US Federal Communcations Commission, the telecom giant lays out its case against why local broadband, or “Government Owned Networks” (GON), shouldn’t be allowed….

Adoption of OS X Yosemite is steadily increasing ahead of its fall launch, due to both a system-wide redesign and the introduction of a public beta for the first time. As of August, Yosemite was installed on approximately 2.6 million machines or 3.3 pe…

Apple today began sending out invitations to AppleSeed members, inviting them to test the iCloud for Windows beta, which includes access to iCloud Drive. An iOS 8/Yosemite feature, iCloud Drive allows users to store any document in iCloud. Content st…

Last year, we covered Cambridge Audio’s Minx series of speakers, which like other Apple AirPlay-standard wireless audio systems were saddled with unjustifiably high price tags and unimpressive wireless performance. Despite sharing its predecessors’ industrial design, Go V2 is a very different beast. Armed with Bluetooth rather than AirPlay and five total speakers — twin 0.75” tweeters, two 2” woofers, and one 5.4”-wide…

Reddit might be the most popular Internet website aggregate ever. The barebones website lists tens of thousands of articles every day that are user submitted and mostly a complete waste of time, but fun just the same. Reddit has no official iOS app. Maybe that’s because the website is so simplistic that it isn’t difficult […]

Apple has announced plans to launch a new US store this Saturday, this time in Atlanta, Georgia’s Cumberland Mall. The shop will open at 10AM that day, and in keeping with regular hours operate until 9PM. The only exception is on Sundays, when hours wi…

Google is rebranding its efforts for enterprise. In a blog post heralding the change Chairman Eric Schmidt noted that the business focused offerings from the search engine giant will now be known as Google for Work, with no other changes made to the pr…

Apple has issued a new follow-up statement on this week’s celebrity photo leaks via iCloud. “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwor…

Last week, Re/code made claims that Apple would be unveiling a new device, likely the iWatch, which would support both HealthKit and HomeKit functionality at next week’s media event on Sept. 9. Rumors and speculations have been buzzing around our heads for months as to what we can expect from Apple. Finally getting to see […]

Most of Soundfreaq’s speakers require no explanation: it’s clear from their designs that they are made to be stationary, portable, ultra-portable, clock radios, or highly budget-sensitive. Double Spot doesn’t fit neatly into any of those categories. It’s based upon the company’s stripped-down $70 Sound Spot, yet it’s more than twice as large, and roughly twice as expensive.   When asked to explain Double Spot’s…