Previewed at WWDC, launching in the fall.
Apple Reportedly Aware of iCloud Flaw Six Months Before Hacking of Celebrity Accounts
Apple knew about an iCloud security flaw six months before it was utilized to hack celebrity accounts on the service, reports The Daily Dot. The company was notified of the exploit by independent security researcher Ibrahim Balic, who shared emails between himself and members of Apple's product security team.
In an email from March 2014, Balic told Apple that he was able to bypass the security of any iCloud account by using a "brute-force" hacking method that was able to try over 20,000 password combinations. Balic recommended to Apple that it should implement a feature in iCloud that prevents log-ins after a set number of failed attempts, and even reported the exploit through Apple's Bug Reporter. Balic was also the developer said to be behind the extended outage of Apple's Dev Center last year.
In May 2014, Apple emailed Balic and questioned the validity of the exploit, stating that it "would take an extraordinarily long time" to find a valid authentication token to get into an iCloud account using the flaw. Balic states that Apple continued to ask him about the exploit and how it would be utilized.
On September 1, 2014, hackers breached the iCloud accounts of many well-known actresses, downloading and leaking private photos and videos. While it was not initially known what caused the breach, The Next Web linked to a Python script on Github that may have been used for the hacking. The script utilized a brute-force like method which allowed hackers to keep guessing passwords without being locked out.
Apple acknowledged later in the day that it was investigating the breach, ultimately leading to comments from CEO Tim Cook along with new security implementations. Those implementations included automatic emails when iCloud accounts are accessed via web browsers, automatic two-factor authentication for iCloud.com, and mandatory app-specific passwords for third-party apps accessing iCloud.
[ 245 comments ]
Top Rated Comments
(View all)
50 months ago
I'm waiting or the not Apple's fault crowd.
I love apple products, the culture, heck I love everything about apple EXCEPT the excuses made for them. Apple prides itself on excellence. Until they no longer make quality and excellence a selling point their customers need to demand it and call them out when they under perform.
Making excuses for mistakes & sloppy work will not help Apple.
I love apple products, the culture, heck I love everything about apple EXCEPT the excuses made for them. Apple prides itself on excellence. Until they no longer make quality and excellence a selling point their customers need to demand it and call them out when they under perform.
Making excuses for mistakes & sloppy work will not help Apple.
50 months ago
Wow, more good news for apple. They're really hitting their stride with bad press lately.
Bending phone
iOS 8.01 bug that should not have been rolled out
iCloud security issues that should have been addressed sooner.
Bending phone
iOS 8.01 bug that should not have been rolled out
iCloud security issues that should have been addressed sooner.
50 months ago
Not surprising considering Apple fumbles their core tasks such as putting out maintenance release without properly testing them.
50 months ago
LOL, apple realy is on a roll lately. Leaked pics, great keyonte stream, bend gate, ios8 and 8.0.1.
Bravo, well deserver Thanksgiving break ;).
Bravo, well deserver Thanksgiving break ;).
50 months ago
Surely wouldn't trust them with Apple pay now, imagine your credit card information stolen. :rolleyes:
50 months ago
This was a targeted phishing exercise over the course of months if not years.
Email accounts etc from many different services were hit, there was no 'hacking' that occured.
Could Apple have had alerts in place telling people accounts we're being accessed from the start - for sure. But weak passwords and weak answers to security questions when you're in the public eye won't ever stop someone gaining access to your account.
It's a shame that not only have the victims of the leaks been blamed for ever having personal things - irregardless of where they're shared, but that only Apple seems to be singled out as being 'hacked'. The latest leak of Kim Kardashian (Checked, for science) clearly shows her taking photos on a Blackberry - do Blackberries sync to iCloud? And yet blackberry are very well known for their security chops, but I haven't seen a single article talking about Blackberry being 'hacked'... Why? Because no one really cares about Blackberry, it's not good news to create a story about kicking a dead dog.
Email accounts etc from many different services were hit, there was no 'hacking' that occured.
Could Apple have had alerts in place telling people accounts we're being accessed from the start - for sure. But weak passwords and weak answers to security questions when you're in the public eye won't ever stop someone gaining access to your account.
It's a shame that not only have the victims of the leaks been blamed for ever having personal things - irregardless of where they're shared, but that only Apple seems to be singled out as being 'hacked'. The latest leak of Kim Kardashian (Checked, for science) clearly shows her taking photos on a Blackberry - do Blackberries sync to iCloud? And yet blackberry are very well known for their security chops, but I haven't seen a single article talking about Blackberry being 'hacked'... Why? Because no one really cares about Blackberry, it's not good news to create a story about kicking a dead dog.
50 months ago
Now, the iCloud security issues are indeed worrying if Apple knew about them 6 months before. Most people use rather weak passwords such as Password123, but still that's not excuse for ignoring a reported security flaw..
If your password is Password123, any loss of data is really self inflicted and you have nobody to blame.
50 months ago
Bentgate isn't really an issue, I think... I mean, if you apply lots of pressure to an aluminium phone, it will bend. That's not an issue, it's just physics. It's like all the drop tests: if you drop a glass item on the floor several times, the odds are it will break.
I still fail to see why this is an issue, but then again most people nowadays lack common sense.
It depends how easily it bends. Most phones can be bent when there's enough force and that's acceptable. However, if the phone bends in totally normal use conditions, then that's an issue.
[ Read All Comments ]
Uber this week announced a partnership with startup "Cargo," which aims to increase the wages of rideshare drivers by providing them with small containers filled with goods that riders can...
Dish today announced that its customers can now start support conversations using Apple Business Chat, a feature that Apple launched in iOS 11.3 in March that lets users interface with businesses...
In iOS 12, Apple's digital health push includes a couple of special new features for iPhone and iPad users who want to cut down on their app usage: App Limits and Downtime. In this article,...
The latest proposed U.S. tariffs on $200 billion of Chinese goods name Apple Watch and other activity trackers assembled in China, according to government rulings. Reuters reports the latest...
WhatsApp says it is limiting the ability to forward messages to multiple chats at once in an attempt to reduce the spread of spam and misinformation.
The news follows WhatsApp's recent...
Popular third-party password manager 1Password received an update today that takes the iOS app to version 7.1 and introduces Markdown support in secure notes, stickers for Messages, and a couple of...
Each year, the iPhone Photography Awards (IPPA) highlights the best photographs captured with an iPhone over the course of the year. This year's winners were announced yesterday, with the winning...
Instagram today announced the launch of a new feature that's designed to let you know when your friends are active on the social network. When a friend is online, their profile picture will be...
