These days, even the most casual tech user probably has data stored online in Cloud storage. The advantages are clear, all of your data safe in one place, accessible from any of your devices and from wherever you are in the world. All without using up any precious storage space on the device itself, meaning our favourite gadgets can be cheaper, faster and lighter.
Apple’s cloud storage service, iCloud, allows you to save your photos, messages, calendar, contacts, notes and more, making them instantly available across any of your devices. iCloud will even automatically backup your entire iOS device, so if you lose it or get a new one, you can easily restore.
Unfortunately, the flip side of all this convenience is that we all now have vast amounts of personal data stored online, making it vulnerable to hackers. There are now even publicly available services that allow a 3rd party to extract this data and use it to spy on you. In this article, we’ll explain how they work and how you can protect against them.
Many iPhone spyware providers, such as mSpy, Mobistealth and Highster Mobile, now offer an iCloud solution alongside their conventional spyware apps. These solutions work by accessing the victim’s iCloud account and extracting data from an iCloud backup of their device stored online.
Unlike conventional iPhone spyware apps that are installed onto the device, iCloud solutions access the data online via the victim’s iCloud backup and so do not require the hacker to have physical access to the device. As such, they are often advertised as “Remote” or “Non-Jailbreak” spyware solutions.
Prices for this service start from as little as $15 per month and the data extracted from the victim’s backup is all made available to the hacker via a handy web portal. It’s worth pointing out that the amount of data available to the hacker using this method is not as much as with traditional spyware. For example, GPS location tracking, keylogging or the ability to turn on the camera/microphone all require spyware to be installed onto the device itself. However, data extracted from an iCloud backup can typically include WhatsApp and text messages, browsing history, call logs, installed apps, notes, calendar, contacts and more.
In order for a hacker to successfully use iCloud spyware without ever touching the victim’s device, three important criteria must be met. These are:
- The hacker must know (or have found out) the victim’s Apple ID and password. This is how the service gains access to the victim’s iCloud account.
- Two-Factor authentication must not be enabled on the victim’s account. This is an extra layer of security that makes it more difficult for hackers to access someone else’s iCloud account.
- The victim’s device must be configured to backup to iCloud. So that there are regular backups available online to extract data from.
If the victim’s device is not configured accordingly, then the hacker will need physical access in order to make the necessary changes.
Detecting iCloud spyware is a very difficult task. Firstly, as all data is accessed online and nothing installed onto the iPhone, it’s not possible to identify by examining the device itself. Furthermore, unlike other tech giants such as Google, Apple do not make full access logs for iCloud available to their customers, so spotting unauthorized access online is also tricky.
However, if you are concerned about this type of attack, there are things you can do to protect against it:
- Change the password for your Apple ID. We recommend changing your password every couple of months and not using the same password that you use for other services. Click here for instructions.
- Turn on Two-Factor authentication for your Apple ID. If not already turned on, we recommend doing so as it helps ensure that you’re the only person who can access your account, even if someone knows your password. Click here for instructions.
- Disable iCloud backups on your device. This means backups of your device will no longer be stored online and cannot be accessed by hackers. Be sure to backup your phone to iTunes on your computer instead. Click here for instructions.
If you’ve taken steps to protect your device against iCloud hacking but are still concerned about conventional iPhone spyware, then check out Certo AntiSpy. Our industry-leading spyware detection tool can check your device in a matter of minutes and will alert you if your device is Jailbroken or has any hidden spyware installed.