Apple introduced its two step security service about two months ago for the iCloud online services. The measure was meant to protect the user’s data by making it harder for a hacker to compromise an account. However, at close scrutiny, it seems that the security measure is not as strong as it was deemed.
Moscow security experts have uncovered a flaw in the system which allows a hacker to access one’s private files. There is some good news though – one’s Apple ID is still secure, which means that illegal purchases are indeed secured by the two step security system.
But, if the personal data stored in the cloud can be compromised, who is to say that the Apple ID is not to be cracked and in the future allow for fraudulent transactions?
Now, before you panic, let’s take a closer look at what the Moscow security experts uncovered. To be fair, the iCloud data on your account will remain secure as long as your actual password is strong enough and well chosen and, of course, is secret.
But, here’s where the trick a hacker could use: if your data is compromised, your credentials and your information gets stolen, the two step verification suddenly becomes meaningless. Once your credentials have been acquired there is nothing stopping a hacker from power cracking your password.
Another point of contention that the security system has produced regards the restoration of an iOS backup by an unauthorized party. A backup could potentially be installed on another machine which could lead to uncovering of personal information, personal files and anything else stored in one of these backup images.
This is even easier to do, since the two step security system does not apply to these image backups. Just to see how easy this can be done, just log on I your iCloud account and this is all it takes to have a full list of all your information – no other logon data is required to instantly see this data.
Reading the FAQ of Apple’s two-factor verification seems to exonerate them to a point. They never intended the systems to also cover this data, this information. But ultimately, the allegation that the security system is not viable stands: if the system can be hacked – it matters little if Apple intended the system to protect the digital backups or not – they are a weak link in the system.
Where the two way system proves its worth is on keeping an attacker from resetting a password. But, while your password remains secure, data in your online account can be accessed, copied, or even deleted. This almost renders the password system meaningless since you have no privacy or control over how your data is used.
So, while Apple will try to fix this issue, stay alert and keep in mind that you still need a strong password so that if one step of the authentication is breached your password will still be hard to crack.