The Cupertino giant Apple is recognised as a tech company with a focus on privacy. However, it looks like this time Apple has heavily compromised security for the sake of convenience. A report on a blog has just decoded exactly how fragile the entire Apple mobile ecosystem has become after Apple introduced the iOS 11 update.
It seems as though a number of changes made by the iPhone-maker in iOS 11 have resulted in an authentication system which has been completely stripped of essential security mechanisms. The report claims that now, if a person wants to steal all the data linked to your Apple ID or iCloud account, all they have to do is find out your iPhone’s passcode.
Yes, that’s it.
The primary problem remains with your iTunes backup (where you back up all your encrypted iPhone data). It is password protected, and with the new update it can now be accessed using only the iPhone’s security code. The only requirement is that you have the iPhone’s code to open the iPhone and go to Settings > General > Reset > Reset all settings. Voila! Just like that, all backup passwords are removed.
From there, information can be taken out of the original user’s iPhone backup, including things such as:
- Credit card numbers,
- Videos and much more at a leisurely pace.
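A defender-side check for the condition described above, a local backup that no longer has password protection. This is an added example, not code from the report or from Apple; it assumes each backup folder holds a `Manifest.plist` with a top-level boolean `IsEncrypted`, and the folder names and sample manifests are constructed.

```python
import plistlib
import sys
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def backup_status(manifest_path):
    """Classify one backup by the IsEncrypted flag (assumed key) in its manifest."""
    try:
        with open(manifest_path, "rb") as fh:
            manifest = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return "unreadable"
    if not isinstance(manifest, dict) or "IsEncrypted" not in manifest:
        return "unknown"
    return "encrypted" if manifest["IsEncrypted"] is True else "UNENCRYPTED"


def audit_backups(backup_root):
    """Return {backup_folder_name: status} for every backup under backup_root."""
    return {m.parent.name: backup_status(m)
            for m in sorted(Path(backup_root).glob("*/Manifest.plist"))}


def unprotected(report):
    """Backups to review: anything not positively confirmed as encrypted."""
    return sorted(name for name, status in report.items() if status != "encrypted")


def make_sample(root):
    """Write constructed sample backups (not real device data) under root."""
    samples = {
        "aaaa-constructed": {"IsEncrypted": True},
        "bbbb-constructed": {"IsEncrypted": False},
        "cccc-constructed": {"Version": "constructed"},  # flag missing
    }
    for name, manifest in samples.items():
        (Path(root) / name).mkdir(parents=True)
        (Path(root) / name / "Manifest.plist").write_bytes(plistlib.dumps(manifest))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        root = sys.argv[1] if len(sys.argv) > 1 else tmp  # default: sample data
        report = audit_backups(root)
        for name, status in report.items():
            print(f"{status:12} {name}")
        sys.exit(1 if unprotected(report) else 0)
```

Pass the folder that contains your backup folders as the first argument; the non-zero exit status makes the check usable from a scheduled job.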
Users Are Exposed
It is also being claimed that one can access the original user’s Gmail account. From this information you can now access the user’s location data, Chrome password auto-fills, Google Photos and… you get the picture, right? Not a pretty one by any means. The bad news is that this is just the tip of the iceberg.
It would appear that your Apple ID is not as safe as you once thought it was. You would think that, by common logic, changing one’s previous password would definitely require you to type in your old password. Right? Wrong. It looks like the brilliance (or stupidity?) of Apple is quite uncanny.
If you have activated two-factor authentication, then your Apple ID password can be reset by anyone who knows the iPhone’s security code. There is no need for user authentication or the old Apple ID password. Just the iPhone’s security code. If a person can access your Apple ID, then they can:
- Control your iCloud lock.
- Erase the photos and videos uploaded to the iCloud account from any of your devices, physically locate all your Apple devices connected to the account, and remotely lock or erase them.
- Remove your trusted number so that the 2FA codes go to their own SIM card, access your call logs and synced data via the iCloud account, and gain access to your current passwords via iCloud Keychain.
If you haven’t upgraded to iOS 11, it may be a good time to hold back!