View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 4, 2014

Program found that can ‘bypass’ iCloud passwords

ElcomSoft chief executive believes his software cause celebrity picture leak.

By Jimmy Nicholls

Software allegedly capable of bypassing Apple iCloud’s two-step authentication process has been found on the internet, in connection to the recent naked celebrity photo leak.

Security firm Elcomsoft’s Phone Password Breaker claims to be able to acquire data from Apple devices "without requiring the user’s Apple ID or password", and is marketed as a "forensic tool".

Vladimir Katalov, chief executive of ElcomSoft, said after its release in June: "We learned to bypass the login and password authentication when accessing iCloud.

"This is a major achievement of our researchers, and a breakthrough feature for our forensic customers."

The program was being discussed in connection with Apple’s cloud service on AnonIB, an image board for posting naked pictures, according to the tech magazine Wired.

Katalov told the BBC that he believed his firm’s software was used to leak the celebrity pictures, though he could not be certain.

Other security experts have questioned the validity of Apple’s two-factor authentication scheme, which F-Secure’s chief research officer Mikko Hypponen says is not required to access photos or restore back-ups.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Apple has been contacted for comment.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.