Apple Has Closed A “Find My iPhone” Exploit That Might Have Led To Celebs Nudie Pix Being Leaked
That didn’t take long.
Engadget is reporting that Apple might have closed an exploit that allowed brute force attacks on iCloud:
The potential exploit relates to a project on the code hosting site GitHub called, imaginatively, ibrute. Just a day before the images leaked, the developers of ibrute announced that a bug in the Find My iPhone service means it doesn’t employ bruteforce protection (i.e. an attack can continue using different passwords until the right one is found). The implication is that this could give access to AppleIDs, and from there any number of avenues to compromise accounts become significantly more viable. It’s certainly not the first intrusion issue with the service we’ve seen. If this was the flaw used, the hackers would have needed email addresses of celebrities. But, it’s possible that only one address is needed, allowing them to search inboxes for those of others in a domino effect.
It is possible that this is how hackers got the nude photos of celebrities that I reported on earlier today. Now, the timing of this fix may be coincidental, but I suspect that it has to do with the aforementioned leak. Which makes me wonder why Apple didn’t fix this earlier, as I have noted that this problem has been around for a very long time. But knowing Apple, we’ll never find out the reason why.
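The missing control that the quoted report describes, as an added example (not code from this post, Engadget, Apple or ibrute): a failed-login throttle keyed on the account and shared by every endpoint that checks a password, so no single service can be used to get around it. The endpoint names, the 5-failures-in-15-minutes policy and the sample account are assumptions made for illustration.

```python
import hmac
from collections import defaultdict, deque

# Assumed policy: 5 failures within 15 minutes locks the account for 30 minutes.
MAX_FAILURES, WINDOW, LOCKOUT = 5, 900, 1800

class AccountThrottle:
    """Failure counter keyed on the account, not on the endpoint or client."""
    def __init__(self):
        self.failures = defaultdict(deque)   # account -> recent failure times
        self.locked_until = {}               # account -> unlock time

    def blocked(self, account, now):
        return now < self.locked_until.get(account, 0)

    def record(self, account, ok, now):
        if ok:
            self.failures.pop(account, None)
            return
        q = self.failures[account]
        q.append(now)
        while q[0] <= now - WINDOW:          # drop failures outside the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT
            q.clear()

class AuthService:
    """Constructed service: hypothetical endpoints sharing one credential store."""
    def __init__(self, unguarded=()):
        # Constructed sample account; a real store keeps salted password hashes.
        self.users = {"user@example.com": "correct horse"}
        self.throttle = AccountThrottle()
        self.unguarded = set(unguarded)      # endpoints that skip the throttle

    def authenticate(self, endpoint, account, password, now):
        guarded = endpoint not in self.unguarded
        if guarded and self.throttle.blocked(account, now):
            return "locked"                  # refuse before checking the password
        expected = self.users.get(account, "")
        ok = account in self.users and hmac.compare_digest(expected.encode(), password.encode())
        if guarded:
            self.throttle.record(account, ok, now)
        return "ok" if ok else "denied"

def wrong_guesses_evaluated(service, endpoint, attempts=100, start=0):
    """Count how many wrong passwords the service actually checked."""
    results = (service.authenticate(endpoint, "user@example.com", f"wrong-{t}", t)
               for t in range(start, start + attempts))
    return sum(r == "denied" for r in results)
```

With one endpoint listed in `unguarded`, every wrong guess sent to it is evaluated; with none, failures on different endpoints add up against the same account counter.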
This entry was posted on September 1, 2014 at 5:44 pm and is filed under Commentary with tags Apple, Security.