“In our view, this strategy was ill-advised because we found the event ‘half baked’ with no details around the price points, launch dates a bit fuzzy, limited technical specifications, and ‘gimmicky’ features,” White said in his note, a copy of which was provided to AppleInsider. “With the potential threat of this event now out of the way, we believe this just made Apple’s ‘Fab Fall’ launch a lot easier because the company’s #1 competitor does not appear well prepared to take on Apple’s new iPhones this fall.”
Archive for September 2014
Samsung’s ‘rushed,’ ‘half-baked’ announcements set Apple up for easy victory this fall, analyst says
“Interceptor use in the U.S. is much higher than people had anticipated,” said Les Goldsmith, the CEO of ESD America. He told Popular Science, “One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one at South Point Casino in Las Vegas.” He added, “What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. Whose interceptor is it? Who are they, that’s listening to calls around military bases? The point is: we don’t really know whose they are.”
If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages.
On Tuesday afternoon, Apple issued a statement calling the security debacle a “very targeted attack on user names, passwords and security questions.” It added that “none of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.”
But the conversations on Anon-IB make clear the photo-stealing attacks aren’t limited to a few celebrities. And Zdziarski argues that Apple may be defining a “breach” as not including a password-guessing attack like iBrute. Based on his analysis of the metadata from leaked photos of Kate Upton, he says he’s determined that the photos came from a downloaded backup that would be consistent with the use of iBrute and EPPB. If a full device backup was accessed, he believes the rest of the backup’s data may still be possessed by the hacker and could be used for blackmail or finding other targets. “You don’t get the same level of access by logging into someone’s [web] account as you can by emulating a phone that’s doing a restore from an iCloud backup,” says Zdziarski. “If we didn’t have this law enforcement tool, we might not have the leaks we had.”