
Apple Just Patched A Security Flaw In iCloud That Could've Been Used To Hack Celebrity Accounts

Sep 1, 2014, 19:50 IST

Photo: Getty Images/Kevork Djansezian. Apple executive Eddy Cue introduces iCloud.

Engadget reports that Apple has fixed a major bug in its Find My iPhone software that allowed hackers to gain access to iCloud accounts. The fix comes just hours after a hacker leaked hundreds of nude celebrity photos on 4chan in return for Bitcoin donations.


Apple's Find My iPhone login page was discovered to have been vulnerable to so-called "brute force" attacks. Sites usually lock out a client that tries to gain access with multiple passwords, but the Find My iPhone API was found to let users repeatedly try different passwords without being locked out. Security researcher Alexey Troshichev revealed that it's possible to combine this flaw with a list of common passwords to build a tool that can gain access to iCloud accounts.

Here's the presentation by Troshichev that details the vulnerability:

Just two days after the security flaw was detailed on GitHub, Apple moved to fix the exploit. The "iBrute" vulnerability was patched after the news of the leaked celebrity photos emerged, although some Apple services in Europe remained open to brute force attacks.
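The control that was missing here is a failed-login lockout that every login path shares. The sketch below is an added example, not Apple's code or anything from the presentation; the class, the endpoint names `web_login` and `device_api`, the thresholds and the sample account are all assumptions.

```python
import time
from collections import defaultdict, deque

class AccountThrottle:
    """Failed-login lockout keyed on the account and shared by all endpoints."""
    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> lock expiry time

    def is_locked(self, account, now):
        return self._locked_until.get(account, 0) > now

    def record(self, account, success, now):
        if success:
            self._failures.pop(account, None)
            return
        recent = self._failures[account]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()

def login(throttle, endpoint, account, password, check_password, now=None):
    # `endpoint` is deliberately NOT part of the throttle key: a secondary API
    # must not give the caller a fresh budget of guesses.
    now = time.time() if now is None else now
    if throttle.is_locked(account, now):
        return "locked"                      # refuse before checking the password
    ok = check_password(account, password)
    throttle.record(account, ok, now)
    return "ok" if ok else "denied"

def demo():
    # Constructed sample: one account, wrong guesses alternating between two
    # hypothetical endpoints, then the correct password.
    secret = {"alice@example.com": "correct horse"}
    check = lambda acct, pw: secret.get(acct) == pw  # stand-in for a real verifier
    throttle = AccountThrottle(max_failures=5, window=300, lockout=900)
    guesses = ["wrong-1", "wrong-2", "wrong-3", "wrong-4", "wrong-5", "correct horse"]
    return [login(throttle, ("web_login", "device_api")[i % 2],
                  "alice@example.com", g, check, now=1000 + i)
            for i, g in enumerate(guesses)]

if __name__ == "__main__":
    print(demo())
```

Locking on the account alone lets anyone lock out the real owner, so deployed systems usually pair it with per-source rate limits or a step-up challenge.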

So was Apple's Find My iPhone vulnerability to blame for the iCloud hack? The speech that outlined the vulnerability took place at the Def Con conference in Russia on Aug. 30, leaving potential hackers only a small period of time to exploit the vulnerability, unless they were already aware of the brute force exploit. Evidence suggests that the leaked celebrity photos were gathered over a period of weeks, or even years, instead of a quick one-day attack, meaning that there may be a completely different vulnerability in iCloud that has yet to be discovered.
