Presentation is loading. Please wait.

Presentation is loading. Please wait.

ICLOUD TECHNOLOGY WITH SECURITY ISSUES Group 4: Tse Shun Dun14205033 Wong Ngai Shan14203421 Wong Chi Ho12204501 Cheung Chun Kan12210390 Wong Yuet Hing14224089.

Published byCynthia Henderson Modified over 9 years ago

Similar presentations

Presentation on theme: "ICLOUD TECHNOLOGY WITH SECURITY ISSUES Group 4: Tse Shun Dun14205033 Wong Ngai Shan14203421 Wong Chi Ho12204501 Cheung Chun Kan12210390 Wong Yuet Hing14224089."— Presentation transcript:

1 ICLOUD TECHNOLOGY WITH SECURITY ISSUES Group 4: Tse Shun Dun14205033 Wong Ngai Shan14203421 Wong Chi Ho12204501 Cheung Chun Kan12210390 Wong Yuet Hing14224089 Yip Pak Hong14208741

2 AGENDA Part I: Introduction of iCloud Part II: Security issues in iCloud 1. China hacking 2. Privacy leakage 3. Remote third party operation 4. iDict “Pr0x13” 5. Hacking by combination of research 6. iCloud application bugs Part III: Conclusion 2

3 PART I: INTRODUCTION OF ICLOUD 3

4 Introduction of iCloud(1/5) 4 https://www.youtube.com/watch?v=YjWBEDIz66I

5 Introduction of iCloud(2/5) Remarkable innovation A cloud storage and cloud computing service Launched by Apple on 12 th October, 2011 Act as a connection – Ensure users get the latest versions of their important things 5

6 Introduction of iCloud(3/5) Convenient platform – Share photos, videos, calendars, or even locations with their friends and family 6

7 Introduction of iCloud(4/5) Store all their documents such as spreadsheets, word documents or even images in iCloud safely Access the documents through iPhone, iPad, iPod touch, Mac, or even PC after storing documents in iCloud 7

8 Introduction of iCloud(5/5) Helps to track the missing device on a map when your device is lost By signing in at iCloud.com use the Find My iPhone app Lock the device with activation lock after turning on Find My iPhone back up everything automatically anytime when the device is plugged in and connected to Wi-Fi 8

9 PART II: SECURITY ISSUE IN ICLOUD 9

10 Security Issue 1 China Hacking (1/2) Late October 2014 Greatfire.org, a Chinese activist group attacked iCloud users in China Attack by using insecure certificates to obtain users’ information Provide fake iCloud.com – Mislead the iCloud users in China – Expose username and passwords 10

11 Solution for Security Issue 1 China Hacking (2/2) SSL/TLS encryption is used to protect the connections to iCloud.com Apple made a report to remind users – What the images of Safari, Firefox, and Chrome are look like when the connection is built correctly to the authentic iCloud – What should it be when the connection is built to another bogus website Steps are provided to each web browsers – Confirm the certificate information – Make sure it is a secure connection 11

12 Security Issue 2 Privacy leakage (1/3) Victims: Women artiste from Hollywood Time: Aug 2014 Issue: Hackers stole the privacy information from iCloud Bugs: “Find My iPhone” allowed hackers to try the password until they reached the correct one 12

13 Broaden and strengthen the use of two-factor authentication in iOS8 Add a second level of authentication to an account login 13 Solution for Security Issue 2 Privacy leakage (2/3)

14 Adopt secure tokens – Store data in encrypted format – Inform user when unauthorized access Send push notifications about activity on user accounts Inform someone tried to change their account password or login from an unrecognized device 14 Solution for Security Issue 2 Privacy leakage (3/3)

15 Issue: iCloud backups allow remote operation No receive notification access and downloading ("Apple's iCloud cracked:," 2013) 15 Security Issue 3 Remote third party operation (1/3)

16 Security Issue 3 2 factor- authentication (2/3) 2FA(Two-steps authentication)is just an optional security feature In iCloud, Apple’s 2FA is not applicable iOS backup can be done by Apple ID and password 16

17 Solution for Security Issue 3 Remote third party operation (3/3) Third-party Security Apps 17

18 Security Issue 4 iDict “Pr0x13” (1/4) 2th January, 2015 Dictionary attack which bypass Account Lockout restrictions and Secondary Authentication on any account.

19 Security Issue 4 iDict “Pr0x13” (2/4) Brute force method –attempt to login with dictionary words –try different combination of words

20 Security Issue 4 iDict “Pr0x13” (3/4) Why it works? –security hole in Apple side –allow hackers to do multiple login request which bypass security check

21 Security Issue 4 iDict “Pr0x13” (4/4) Not aim to hack, but revealed the bug Apple fix the bug immediately Urge user to use complex String as pw Use two-factor authentication

22 Security Issue 5 Hacking by combination of research (1/4) Hacker targeted individual using a combination of research - Finding place - Date of birth - Other information using in Apple’s password protection Targets are especially known individual (friends) 22

23 23 Security Issue 5 Hacking by combination of research (2/4)

24 Solution for Security Issue 5 Hacking by combination of research (3/4) What can Apple do? Geofencing -location as security TouchID -Fingerprint Face Recognition (for future) 24

25 25 Solution for Security Issue 5 Hacking by combination of research (4/4) What can we do? Change your security questions Enable two-step verification Use a strong account password Use iTunes backups

26 26 Security Issue 6 iCloud Application bugs

27 27 Hacker Use the bug of To do whatever things.

28 28

29 29 UPDATE PATCH

30 30 UPDATE Report

31 Conclusion 31

32 32

33 33 Create and use Strong Password Use Two-step authentication Beware of unsafe web site and application

34 Reference Apple's iCloud cracked: Lack of two-factor authentication allows remote data download. (2013, October 21). Retrieved from http://www.zdnet.com/article/apples-iCloud-cracked-lack-of-two-factor- authentication-allows-remote-data-download/ http://www.zdnet.com/article/apples-iCloud-cracked-lack-of-two-factor- authentication-allows-remote-data-download/ Katalov, V. (n.d.). cracking and analyzing apple’s iCloud protocols. Retrieved from http://conference.hitb.org/hitbsecconf2013kul/vladimir-katalov/ http://conference.hitb.org/hitbsecconf2013kul/vladimir-katalov/ Katalov, V. (2013, May 30). apple two-factor authentication and the iCloud [Web log message]. Retrieved from http://blog.elcomsoft.com/2013/05/apple-two-factor-authentication-and- the-iCloud/ http://blog.elcomsoft.com/2013/05/apple-two-factor-authentication-and- the-iCloud/ Bryan Chaffin (2015, Mar 19). Apple’s Yosemite 2015-003 Security Update Patches Hole in iCloud Keychain Retrieved from http://www.macobserver.com/tmo/article/apples-yosemite-2015-003-security-update- patches-hole-in-iCloud-keychain 34

35 35

Download ppt "ICLOUD TECHNOLOGY WITH SECURITY ISSUES Group 4: Tse Shun Dun14205033 Wong Ngai Shan14203421 Wong Chi Ho12204501 Cheung Chun Kan12210390 Wong Yuet Hing14224089."

Similar presentations

Getting to Know Your iPad. Overview Tip: the back camera is the best!

Getting to Know Your iPad. Overview Tip: the back camera is the best!
Google Docs is a free, web-based office suite offered by Google within its Google Drive service. It was formerly a storage service as well, but has since.

Google Docs is a free, web-based office suite offered by Google within its Google Drive service. It was formerly a storage service as well, but has since.
6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,

6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity
Securing Your iPad What can you do to make sure that your iPad is at school every day and is kept safe? Passcode lock Label your accessories.

Securing Your iPad What can you do to make sure that your iPad is at school every day and is kept safe? Passcode lock Label your accessories.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Welcome, Parents. Check out the new look of the School Directory App!

Welcome, Parents. Check out the new look of the School Directory App!
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
HNA-Drive Familiarization Presentation. From the address bar in your preferred internet browser, navigate to www.hnadrive.com Site supports: Internet.

HNA-Drive Familiarization Presentation. From the address bar in your preferred internet browser, navigate to Site supports: Internet.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Antoine Tadros ISM 158 05/04/2010 Spring 2010 Now offers find my iPad.

Antoine Tadros ISM /04/2010 Spring 2010 Now offers find my iPad.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
IOS 8 for MDM/EMM Greg Elliott Shiv Chandra Kumar.

IOS 8 for MDM/EMM Greg Elliott Shiv Chandra Kumar.
Internet Security In the 21st Century Presented by Daniel Mills.

Internet Security In the 21st Century Presented by Daniel Mills.
V.04022012 | © OverDrive, Inc. 2012 | Page 1 User Experience: Library eBooks for Kindle.

V | © OverDrive, Inc | Page 1 User Experience: Library eBooks for Kindle.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Secure Online USB Login System. Everything is going online Social Interactions Banking Transactions Meetings Businesses... including all sorts of crimes.

Secure Online USB Login System. Everything is going online Social Interactions Banking Transactions Meetings Businesses... including all sorts of crimes.
VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.

VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.
Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.

Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.

Similar presentations

Ads by Google