Hacking your iCloud files just got easier, even with two-step enabled
An update to Elcomsoft's Phone Breaker software now makes it easier for bad guys to bypass Apple's vaunted new two-factor authentication to steal your iCloud stuff. As before, the hackers would need some information to start with -- either your Apple ID/password plus a two-factor code, or a digital token stolen from, say, your laptop. That would give them access to your account anyway, but here's the kicker: The Phone Breaker app can then create a digital token granting intruders permanent access without a two-step code until you change the password. It also allows someone to view all your iCloud files at a glance, making it easier to pick and choose which to steal. The tool is used legitimately by law enforcement to access lawbreakers' phones, but was also recently implicated in a celebrity phone hack.