If you expect two-step verification to be the ultimate protection against your iCloud, then think again.
An update to Elcomsoft’s Phone Breaker software now makes it easier for guys to bypass Apple’s vaunted new two-factor authentication to steal your iCloud stuff.
Just like before, the hackers would need some information to start with — either your Apple ID/password plus a two-factor code, or a digital token stolen from, say, your laptop.
This would give them access to your account anyway, but here’s the kicker: The Phone Breaker app can then create a digital token granting intruders permanent access without a two-step code until you change the password.
It also allows someone to view all your iCloud files at a glance, making it easier to pick and choose which to steal. The tool is used legitimately by law enforcement to access lawbreakers’ phones, but was also recently implicated in a celebrity phone hack.
Source: EnGadget
