Social engineering should be called hacking then? It’s like not trusting banks because some people get their money taken out because they give their info to a random in a phone call.

I guess. The word hacking appears quite frequently here: https://en.wikipedia.org/wiki/Social_engineering_(security)

I'm not an expert on this but hacking would probably be anytime someone uses someone else's credentials without that person's permission. In both of the articles I linked, the person pretended to be Apple Support to get passwords. In the celebrity case, he sent out emails from a fake Apple domain and in the second he pretended to be an Apple employee over the phone. I'm not sure what technically qualifies as what.
 
I tried using AirDrop but 800 photos was too much and it didn't work. I tried connecting via Lightning to USB-C cable but it didn't work.

I ended up importing the photos into my MacBook but this did not import the albums. Do you know if there's a way to preserve the albums?

BTW - I appreciate your help!
800 photos is nothing. Many of us have 100 times that. Just in case, take a screenshot of the album names. Then if you lose albums during transfer you can just remake them. 800 pix should be easy.
 
I'm not an expert on this but hacking would probably be anytime someone uses someone else's credentials without that person's permission. In both of the articles I linked, the person pretended to be Apple Support to get passwords. In the celebrity case, he sent out emails from a fake Apple domain and in the second he pretended to be an Apple employee over the phone. I'm not sure what technically qualifies as what.

Let me encourage you to think about this a little more deeply.

Person A has an iCloud account that stores their photos. It is protected by their password.

Person B contacts Person A and pretends to be Person C—a person of authority. Through this social engineering, Person A gives Person B their login credentials.

Person B used those credentials to log into Person A's account and access their data. Person A did not have two-factor authentication enabled, causing no challenge -> answer to be issued in response to the new login.

Make sense? This is how that celebrity "hack" worked.

Now: Explain to me how all this unfolded as a result of iCloud. Where was the weakness in iCloud's process or security?

Apple tells you to use a complex password. Apple tells you to not use that password anywhere else. Apple tells you never to give your password to anyone else, and says specifically that no one at Apple will ever ask for your password. Apple tells you to enable two-factor authentication to prevent unexpected logins. Apple tells you to enable advanced data protection which encrypts all data held by Apple, making it irretrievable by anyone without your password in the event of an actual data breach/MITM attack, not just a cheap social engineering stunt.

No one deserves to have sensitive or private photos stolen, not even a vapid celebrity. But good data security habits are an individual responsibility.
 
Thanks for this illustration.

To answer your question, if "Person A" doesn't have any photos in iCloud in the first place, then there is nothing to steal. The problem is that Apple requires us to use iCloud to preserve metadata like albums. That is inherently stupid. It is absolutely more secure to manage photos on device (Mac or iPhone) as "Person B" would need physical access to the device belonging to "Person A" to steal anything, which is far less likely.

Further, I don't trust Apple (or any other company) to maintain my privacy for things stored in iCloud. That's why I don't have any documents with my SSN or tax returns stored in the cloud.
 
Totally—and to be clear, my illustration was not meant as an encouragement for you to use iCloud. There are conveniences and risks with any remote data storage, and that's up to the individual to consider.
 
Are iCloud backups encrypted by default? If so, how did those celebrities get their accounts hacked and their private details stolen?
My apologies :) A few years ago it was much easier for me to navigate through the iPhone settings, but it is no longer the case since the recent iOS updates confuse me, and I have to figure out the new iOS "hurdles" along the way, including the ones told by others in this thread.

The bottom line is that the iPhone's photos, music, and so on are in iCloud. The ones in your phone are small copies of the originals. I believe that you can set Photos in your iPhone's iCloud account, once you sign in, to save the originals at their actual sizes in the iPhone. But please don't take the chance since I have no idea if this is true or not.

I remember that a few years ago there were some supposedly "free" online photo storage places, the ones that about a year or two later would email you a notice telling you that in a certain period of time, maybe by the end of the year, you would have to pay for your account? This is pretty much what Apple does with iCloud, except that there are a few options you can choose from in the iPhone's settings. But there are a lot of users that by the time they have figured that their "free" iCloud storage is full, and that the photos in their iPhones are small versions of the original, then there are two choices to make: Increase the iCloud storage to make room for more photos (pay for storage), or to download the full-size original photos to your iPhone. Before you do that, you have to make sure that your iPhone has sufficient storage room. Otherwise you have to download them to another device.

What I do is to refuse iCloud, and back up my iPhone to my laptop. But even so, on every iOS update I find that some of the settings in my iPhone have changed by the new update, and most likely the settings that have changed are related to iCloud storage (Photos, Data, Contacts, and every app in your phone).
 
I guess. The word hacking appears quite frequently here: https://en.wikipedia.org/wiki/Social_engineering_(security)

I'm not an expert on this but hacking would probably be anytime someone uses someone else's credentials without that person's permission. In both of the articles I linked, the person pretended to be Apple Support to get passwords. In the celebrity case, he sent out emails from a fake Apple domain and in the second he pretended to be an Apple employee over the phone. I'm not sure what technically qualifies as what.
There are some details about AI being used for scamming people (at Norton, but keep in mind that Norton's security is not free):
 