A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts. The hackers, who identified themselves as 'Turkish Crime Family', demanded $75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data.
"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," one of the hackers told. The hackers provided screenshots of alleged emails between the group and members of Apple's security team.Read more
Apple has a hidden feature for you in its iPhones: call logs going back as far as four months are stored in near real-time in the iCloud. That’s the warning today from a Russian provider of iPhone hacking tools, Elcomsoft, which claimed the feature was automatic and there was no way to turn it off bar shutting down iCloud Drive altogether.
Whilst it was well-known that iCloud backups would store call logs, contacts and plenty of other valuable data, users should be concerned to learn that their communications records are consistently being sent to Apple servers without explicit permission, said Elcomsoft CEO Vladimir Katalov.Read more
Some shady tweaks that you installed on their jailbroken devices are looking to steal your iCloud login credentials. The iCloud account details, including email addresses and passwords, of nearly 220,000 users have been breached.
The security breach was a result of 'backdoor privacy attack' caused by the installation of a malicious jailbreak tweak. It appears that hackers are using a variety of built-in backdoors that could be numerous of malicious jailbreak tweaks in an effort to acquire victim's iCloud account information. Once installed, these malicious tweaks transferred the iCloud login details of the jailbreak users to an unknown remote server.Read more
A security expert demonstrated how to exploit a vulnerability in Apple IOS system to steal user password with a phishing email. A new vulnerability that affects Apple’s iOS could be exploited by hackers to collect user passwords by using a single email.
A security and forensic expert has developed a tool, the iOS 8.3 Mail.app inject kit, that could be used to create malicious iCloud password phishing emails. He explained that he exploits an unpatched bug affecting Apple iOS. The iOS 8.3 Mail.app inject kit exploits a vulnerability in the Apple operating system’s native email client that allows and attacker to display a realistic pop-up.Read more
Chinese authorities are attacking users who are connecting to Apple's iCloud website in what appears to be a surveillance push to steal users' login credentials, according to a Chinese censorship monitoring group.
After the new iPhone 6 went on sale in China, connections to iCloud.com were hijacked and stripped of the usual encryption that prevents hackers and government spies from intercepting the username and password typed by someone connecting to the site. This is another example of what is technically known as a "man-in-the-middle" (MITM) attack. China has been accused of intercepting connections with a MITM attack against Github, Google, and, more recently, Yahoo.Read more
Apple said that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information.
Apple says that the mass theft of nude celebrity photos that were released over the weekend did not occur because of a breach in any Apple systems, including iCloud.
Apple says, however, that certain celebrities were the subject of targeted hacking attempts that focused on compromising their usernames, passwords, and security questions. Though Apple's statement doesn't make it entirely clear, it sounds as though iCloud may still have been involved in the thefts in some capacity: that is, Apple's customers may have had their iCloud usernames and passwords stolen, giving another party access to their account.Read more