iCloud hack: Python script used to exploit Find My iPhone service

Jennifer Lawrence
This is what Jennifer would do to the hacker who leaked the photos.

Over the past 24 hours, the web has gone nuts over leaked photos of over 100 celebrities including of award-winning actress Jennifer Lawrence and Kirsten Dunst, purportedly due to an Apple iCloud breach. Following the much publicised leaks, reports has surfaced about a Python script on GitHub that may have allowed users to ‘brute force’ a user’s account password on iCloud due to a vulnerability in the Find My iPhone service.

Jennifer Lawrence
This is what Jennifer would do to the hacker who leaked the photos.

A brute-force attack is in layman’s terms ‘forcefully and repeatedly guessing passwords’ in an attempt to discover the correct one, done via a malicious script.

Python iCloud
The little script that could.

A flaw in the Find My iPhone service may have let hackers use the brute-force method to guess passwords repeatedly without bing locked out, or for the user to be notified of such attempts. Once breached, the hacker can then use it to fully access all iCloud functionality.

Apple seemed to have patched the hole as of today. Apple, however, has not commented on the incident.

There is still no concrete evidence that the leaked photos were obtained specifically via iCloud.

Hackapp, the creator of the Python script said that he has not seen any evidence of the the tool being used to exploit the iCloud flaw but admitted “someone could use this tool.”

Are you an iCloud user? Have you secured your password? Do you know where you’re backing up your photos to?

Source: The Next Web, Image credit: Hypable

Related stories

Vernon
Vernon is the founder and chief editor of Vernonchan.com. A graphic designer by profession, he has a deep love for technology, cars, gadgets, food, and travel. He tweets too much and is also known as a caffeine bacterium ("life's too short for bad coffee"). Bleeds Blue (go Chelsea FC!) and considers BMW, Porsche, Alfa Romeo cars to have in the garage--hallmarks of a true petrolhead.