The deletion of over 600 million iPhones threatened by hackers is again directing attention to best practices for securing iCloud accounts and iOS devices. To prevent unauthorised access, two-factor authentication is generally recommended. But even this still leaves an attack vector, because it does not cover “Find My iPhone”.
How a potentially devastating attack through this remaining gap can actually be carried out is something Kapil Haresh, a graduate student of computer science at the Canadian University of Waterloo, experienced last year. He gave a detailed report tracing the attack and appealed to Apple to quickly do something against the threat.
A “Find My iPhone” alert on the lock screen pointed out to the student that something was amiss. With “Hey, why did you lock my iPhone, haha”, someone wanted to irritate him. “Call me at (123) 456-7890.” The student quickly realized that someone had compromised his Apple ID, as an unknown number of other users must have just experienced again, since the authenticity of the Apple account data captured by the blackmailers has been at least partly confirmed.
Haresh also realized that the attackers would probably try to wipe all of his associated Apple devices. But by switching the iPhone into Lost Mode, the apparently not particularly clever opponent had warned him and given him just enough time to react. The computer science student took all of his devices offline to prevent a remote wipe. When he subsequently signed in to iCloud, he actually saw the pending deletion request and was able to cancel it.
Kapil Haresh had opted for two-factor authentication (2FA) at an early stage, after learning of the 2012 attack on US journalist Mat Honan, who experienced a personal nightmare with Apple’s iCloud service. Of all things, Apple’s own support had enabled an attacker to gain control of his devices and other accounts and abuse them for his own purposes.
Why, then, could two-factor authentication not protect him better this time? The hacker had still been able to gain access to “Find My iPhone” and was thereby able to wipe devices remotely. When someone opts for 2FA at Apple, the previous security questions and answers for password recovery are eliminated. Anyone who forgets it needs a confirmation code, now required in addition to the password, which is sent as a text message to a mobile phone. Thus, the account should be protected against takeover by an attacker, as long as the attacker does not also have access to the selected handset.
For “Find My iPhone”, Apple apparently opted for a less secure solution without two-factor authentication so as not to make things too difficult for those affected. Anyone looking for their iPhone naturally does not have it at hand at that moment and cannot receive the additional confirmation code.
For the forewarned and quickly reacting computer science student, the attack ended fairly lightly, but things would probably have gone differently for many users. He proposed an obvious solution to the problem: instead of the one-time confirmation code, the iPhone manufacturer should at least fall back on a selected security question as a second authentication level for “Find My iPhone”.
“Apple should worry really quickly”, he argued. “I would not want to imagine my iPhone being wiped at a random time while I’m on the road in the car and CarPlay is giving me directions, or while HomeKit is controlling smart home devices. This is even more true, as we will likely see greater integration with CarPlay and HomeKit in the next few years.”