The privacy game, as I like to say, is nothing more than a cat and mouse relationship.
Yesterday, Apple confirmed the new security tool on iOS 12 that (theoretically) restrains the action of companies like Cellebrite, which unlock iPhones from the outside; today, the Russian company ElcomSoft j counterattacked not directly, but focusing on an important element of Ma?s digital ecosystem.
The maker of data recovery tools, widely used by government and related agencies around the world, announced that the latest version (8.3) of its software Phone Breaker able to remotely hack the service Messages in iCloud, which made its debut on iOS 11.4 and macOS High Sierra 10.13.5, the one that saves all your messages and photos / files shared by iMessage in the cloud and we talk about more here.
In order to do this, however, the attacker must have a list of items that are, at the very least, difficult to obtain. Remote access to iCloud Messages only occurs if the ?interested party? has the Apple ID and the respective password for the account they want to hack, the password for access to at least one device that is linked to that account's iCloud Messages service (either it is a Mac, an iPhone or an iPad) and, finally, access to a two-factor authentication method, such as a trusted secondary device or the SIM card with the linked phone number in question.
If you are wondering how ElcomSoft managed to put this tool in its software, considering that the exchange of messages by encrypted end-to-end iMessage and would not (theoretically) allow the action of a remote attacker, Apple itself explains: company includes a key in each new iCloud Backup so you can recover messages even if you have lost access to iCloud Keys or trusted devices. The Phone Breaker seems to take advantage of this.
Personally, I would say that a person who somehow managed to get all of the above deserve having access to your messages just for the effort spent on the task. Okay, jokes aside, chances are that the new feature of Phone Breaker will only concern even highly targeted users, such as politicians, activists and artists of great fame, people whose individuals and groups interested in the details of their personal lives can channel great efforts to achieve all data above.
For us, mere mortals, they are the same tips as always: do not leave by sharing your passwords (nor use the same passwords in multiple services), accessing your accounts on devices that do not trust or clicking on suspicious links. Following these basic steps, this new tool from ElcomSoft will certainly not come close to you.