Here’s another day with a hacking story. On Monday, iPhone, iPad and Mac owners in Queensland, New South Wales, Western Australia, South Australia and Victoria have reported that their devices were hacked and held for a ransom of up to $100 to release their devices. That said, only a handful of lucky ones were able to escape this hacking spree.
In this instance, these hackers seemed to have gained access to the users’ iCloud accounts as multiple of their devices show the same message simultaneously.
Unfortunately for the hackers though, not all of their targets have been affected, since the FindMyiPhone is so limited, where one can only set a password and lock a device that has no password on it.
Apple has a workaround, which was to restore the iphone from a backup, but that means data lost and for those without backups, its good luck!
Anyway, this coincides with the claims made on 21 May of a compromise of Apple’s iCloud servers. Even though they have apparently informed Apple since March, nothing concrete has been done, as such, leading to today’s hack.
In short, this was achieved simply because Apple failed to certify or verify the certificates with resulted in this breach. SSL has 2 tasks which is simply to verify the communication and secondly to prevent manipulation. So since no verification was done, in this instance, the Apple ID and passwords are sent literally in plaintext since they are able to access the encrypted contents now.
However, whilst this allegation of the SSL bug use was denied, until the method is revealed, this bug still showcases serious fractures in Apple’s own security, and I still do not understand how this is as secure as the BlackBerry platform.