Apple May Have Known About iCloud Vulnerability Months Before Nude Photo Scandal


Immediately after the first huge batch of stolen photos of female celebrities in various states of undress hit the Internet, Apple rushed to defend itself, saying the massive theft was the result of clever guessing and lax security on the part of the affected users. But a new report claims that Apple was warned months earlier that this sort of data theft could happen.

The Daily Dot has obtained e-mails sent in March of this year by a UK software developer to Apple in which he details a way in which iCloud accounts could be compromised.


On March 26, he explains that he was able to get around a security feature intended to prevent hackers from repeatedly entering passwords until finally reaching the right one. These so-called “brute force” attacks are generally stopped by security protocols that prevent a user from logging in after a set number of failed attempts.


But the developer claims he figured out a way to try more than 20,000 different passwords on any iCloud account.


Apple later sent the developer questions about his claims, but it’s not know whether any action was taken in response to his bug report.


There is also the possibility that the vulnerability exploited by the hackers who stole the nude celebrity photos is not exactly the same one as detailed in the developer’s e-mails to Apple.


Apple claims that it has patched the problem that allowed the hackers to steal the photos and other files from iCloud accounts. It has also extended two-factor authentication, which requires that you enter a separate and unique four-digit code sent to the actual device every time you login to iCloud from a new location.




by Chris Morran via Consumerist

No hay comentarios:

Publicar un comentario