The New Apple IDs Security System Doesn't Protect Data Stored In iCloud

On May 31, 2013

A few weeks ago, the people at Apple have implemented a new protection system for the Apple IDs, it allows owners of Apple IDs to add a new security “layer” for the accounts taken from iTunes, iCloud, etc. Wanting to check how vulnerable Apple IDs and iCloud data are after implementation of security measures, those from Elcomsoft began to test the system and sadly concluded that our iCloud backups remain unprotected.

Basically Apple now protects users against purchases made on terminals that have not been verified by the company, asking them to introduce safety data at its acquisition, but the same is not true for iCloud. If a person knows our username and password want to install a backup on a terminal that Apple has not checked, nothing prevents him to do so, iCloud lacking the same safeguards available to protect us.

The idea to not implement this complicated security system it could be based on the fact that users are not so excited about the idea of having to enter passwords for secret question each time they log on a new terminal. Two-step authentication system is complex, protects users, but can become a problem in use, and Apple may have decided not to implement it in order to facilitate user interaction with iCloud.

Whatever the motivation of Apple, it is unlikely that the system will not be implemented in iCloud, especially that soon everyone will begin to weep without it.