+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Hackers Just Released A Tool That Could Threaten Everyone's iCloud Account

Jan 2, 2015, 18:08 IST

A hacker has released a tool that he says can break into any iCloud account.

Advertisement

The tool, iDict, uses an exploit in Apple's security to bypass restrictions that stop most hackers from gaining access to accounts.

On iDict's GitHub page, user "Pr0x13" says the exploit used to create the hacking tool is "painfully obvious" and that it "was only a matter of time" before hackers used it to break into iCloud accounts.

The tool is described as a "100% working iCloud Apple ID dictionary attack that bypasses account lockout restrictions and secondary authentication on any account."

There's no confirmation that iDict is indeed a working exploit, but users on Twitter and Reddit are claiming to have tested the tool and found it to work as described.

Advertisement

Here's what the iDict tool looks like when in use:

Apple has multiple ways to stop hackers from breaking into its online iCloud service. First off, it stops people from guessing passwords over and over again by blocking "brute force" attacks. Apple also lets people verify login attempts using their cellphone through two-factor authentication. But iDict purportedly bypasses those security steps.

If iDict does work as described, there's very little people can do to keep their account secure. The tool does require its users to know the email address associated with an iCloud account before it tries to hack into it. One way to make an iCloud account more secure is to use an email address that hasn't been shared online.

Meanwhile, questions are being raised why as to the hacking tool was released online at all. When security researchers uncover exploits in software or websites, they often privately report them to companies to avoid widespread use of security holes by hackers.

Advertisement

ICloud was the online service that hackers broke into last year to leak naked photographs of hundreds of celebrities online. Stars like Jennifer Lawrence and Kate Upton had their accounts broken into when hackers managed to bypass Apple's security-question system. The company later rolled out improved security aimed at stopping hackers from accessing accounts.

We reached out to Apple for comment on this story and will update if we hear back.


NOW WATCH: YouTube Superstar Bethany Mota Reveals Her 4 Favorite YouTube Channels

Please enable Javascript to watch this video

 

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article