icloud security bypassed by 70 lines of code 
http://www.neowin.net/news/apples-icloud-security-feature-in-osx-is-bypassed-in-just-70-lines-of-code
Quote:
A Github user by the name of knoy has uploaded iCloudHacker: it's only about 70 or so lines of Arduino code that doesn't just make it ridiculously straightforward to brute-force your way through the Find my Mac lockout, but it also dances around the surprisingly lackluster security controls that Apple had tried to implement. The coder reports that it has been successfully tried and tested on 2010 & 2012 13" MacBooks.

ouch

_________________
johnwbfc wrote:
I care not which way round it is as long as at some point some sort of semi-naked wrestling is involved.

Amnesia10 wrote:
Yes but the opportunity to legally kill someone with a giant dildo does not happen every day.

Finally joined Flickr


Sat Mar 01, 2014 9:59 am
Quote:
If an Apple computer is remotely locked by an iOS device, the user would need to enter a 4-digit PIN on the Find my Mac app in order to unlock the machine.

So it's not actually 'iCloud security', it's the 'find my device' authentication layer. And even if you unlock that, you still have the 'normal' security layer to get through e.g. a password of indeterminate length and complexity.

So not overstating the case much at all then.


Sat Mar 01, 2014 11:38 am
Once unlocked, the Mac could then be started in recovery mode and passwords reset or data copied from the drive.

This is about unlocking the local Mac.

A better method would be to lock the Mac for hours after half a dozen failed attempts or to brick it (requiring it to be taken to an Apple store or reseller). The problem is that it locks for a maximum of five minutes and it forgets the 5 minutes if you reboot the system.

That is the problem here. If it could remember the 5 minute lockout and/or change that to hours instead of minutes, it would be much more effective, as would having a sensible length password or longer PIN, instead of just 4 digits. As the article said, if the code took into account the most used PINs first, it would probably be able to crack the PIN code a lot faster.

If you have stolen the Mac, you either want to get at the data on the device or you want to erase it and reinstall it so that you can use it yourself or sell it on. You probably don't care about the iCloud account itself.

_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari

Executive Producer No Agenda Show 246


Sun Mar 02, 2014 9:16 am
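The lockout design suggested in the post above (remember the lockout across reboots and stretch it to hours), sketched as an added example that is not part of the thread and is not Apple's code. The JSON file stands in for non-volatile storage, `now` is assumed to come from a clock the user cannot reset, and the one-hour base and one-day cap are assumed values; only the six-attempt threshold and the 4-digit PIN space come from the thread.

```python
import hmac, json, os, tempfile

FREE_ATTEMPTS = 6          # "half a dozen failed attempts", from the post
BASE_LOCK_S = 3600         # assumed: first lockout is one hour, then doubles
MAX_LOCK_S = 24 * 3600     # assumed cap of one day per lockout

def lock_seconds(failures):            # lockout after this many wrong PINs in a row
    if failures < FREE_ATTEMPTS:
        return 0
    return min(BASE_LOCK_S * 2 ** (failures - FREE_ATTEMPTS), MAX_LOCK_S)

class PersistentLockout:
    def __init__(self, path):          # path stands in for non-volatile storage
        self.path, self.state = path, {"failures": 0, "locked_until": 0.0}
        if os.path.exists(path):       # a reboot reloads the state, never resets it
            with open(path) as f:
                self.state = json.load(f)

    def _save(self):                   # write-then-rename so a power cut cannot corrupt it
        with open(self.path + ".tmp", "w") as f:
            json.dump(self.state, f)
        os.replace(self.path + ".tmp", self.path)

    def try_pin(self, guess, real_pin, now):   # now: seconds from a trusted clock
        if now < self.state["locked_until"]:
            return "locked"
        # Persist the attempt BEFORE comparing, so cutting power mid-check buys no free guess.
        self.state["failures"] += 1
        self.state["locked_until"] = now + lock_seconds(self.state["failures"])
        self._save()
        if hmac.compare_digest(guess, real_pin):
            self.state = {"failures": 0, "locked_until": 0.0}
            self._save()
            return "ok"
        return "wrong"

def worst_case_days(pin_space=10_000):         # lockout accrued if every PIN but the last fails
    return sum(lock_seconds(n) for n in range(1, pin_space)) / 86400

def demo():                                    # constructed PINs and timestamps
    path = os.path.join(tempfile.mkdtemp(), "lockout.json")
    dev = PersistentLockout(path)
    out = [dev.try_pin(f"{i:04d}", "4821", now=0.0) for i in range(FREE_ATTEMPTS)]
    rebooted = PersistentLockout(path)         # fresh object simulates a reboot
    return out + [rebooted.try_pin("4821", "4821", now=60.0),
                  rebooted.try_pin("4821", "4821", now=3600.0)]

if __name__ == "__main__":
    print(demo(), round(worst_case_days()))
```

With these assumed values the correct PIN is still refused one minute after the simulated reboot, and working through all 10,000 PINs would accrue roughly 9,990 days of lockout.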
big_D wrote:
If you have stolen the Mac, you either want to get at the data on the device or you want to erase it and reinstall it so that you can use it yourself or sell it on. You probably don't care about the iCloud account itself.

If that's what you're bothered about, what you actually need is this. The fact is even without this hack the 'find my mac' lock can be defeated by booting the Mac off a DVD or as you say the recovery partition if you're not actually bothered about keeping the data on it. The 'find my mac' pass lock is about the situation where the person who found it would return it to the original owner but it gives the owner some peace of mind that it hasn't been accessed in the meantime.

Regardless of all that, the headline is misleading. This is not 'iCloud security' in a real way at all. Cracking the find my mac does not give the person doing so access to the user's iCloud account.


Sun Mar 02, 2014 10:49 am