Elcomsoft Phone Breaker, the app that some think hackers used to break into Kate Upton’s iCloud account in September, just got a massive update that makes it even easier to steal information.
Two-factor authentication is a security system you can set up with iCloud, Gmail, and other online services.
It requires that you type in a one-time code that the service sends via text message to your phone after you enter your password. The idea is that even if someone steals your password, he or she won’t be able to log in unless they also have your phone.
The new version of Elcomsoft’s app, however, can generate a digital token that grants access to the user’s account regardless of whether or not two-step verification is enabled.
Still, hackers will need the victim’s password in order for the hacking software to work. Hackers typically get user passwords through “phishing” techniques. Phishing means hackers find ways to trick people into typing in their password on a phony Apple site. It’s always best to check that any email that seems to come from Apple (or other service) is authentic before you click an embedded link. Legitimate companies will rarely ask for your password over email.
In addition, the update now allows the app to extract all kinds of new data from iCloud that it couldn’t before, including WhatsApp chats, iWork documents, and data saved by third party apps, including password managers.
Elcomsoft’s app is meant to be used by law enforcement to break into criminal’s phones, but we’ve already seen what it can be used for when falling into the wrong hands.