Program found that can ‘bypass’ iCloud passwords

Software allegedly capable of bypassing Apple iCloud’s two-step authentication process has been found on the internet, in connection to the recent naked celebrity photo leak.

Security firm Elcomsoft’s Phone Password Breaker claims to be able to acquire data from Apple devices "without requiring the user’s Apple ID or password", and is marketed as a "forensic tool".

Vladimir Katalov, chief executive of ElcomSoft, said after its release in June: "We learned to bypass the login and password authentication when accessing iCloud.

"This is a major achievement of our researchers, and a breakthrough feature for our forensic customers."

The program was being discussed in connection with Apple’s cloud service on AnonIB, an image board for posting naked pictures, according to the tech magazine Wired.

Katalov told the BBC that he believed his firm’s software was used to leak the celebrity pictures, though he could not be certain.

Other security experts have questioned the validity of Apple’s two-factor authentication scheme, which F-Secure’s chief research officer Mikko Hypponen says is not required to access photos or restore back-ups.

Apple has been contacted for comment.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing