Categories
Apple

iCloud hack: Python script used to exploit Find My iPhone service

A Python script freely available on Github may have been used in the iCloud hack that exposed explicit photos of celebrities including those of Jennifer Lawrence.

IA - TIME

Over the past 24 hours, the web has gone nuts over leaked photos of over 100 celebrities including of award-winning actress Jennifer Lawrence and Kirsten Dunst, purportedly due to an Apple iCloud breach. Following the much publicised leaks, reports has surfaced about a Python script on GitHub that may have allowed users to ‘brute force’ a user’s account password on iCloud due to a vulnerability in the Find My iPhone service.

Jennifer Lawrence
  • Save
This is what Jennifer would do to the hacker who leaked the photos.

A brute-force attack is in layman’s terms ‘forcefully and repeatedly guessing passwords’ in an attempt to discover the correct one, done via a malicious script.

Python iCloud
  • Save
The little script that could.

A flaw in the Find My iPhone service may have let hackers use the brute-force method to guess passwords repeatedly without bing locked out, or for the user to be notified of such attempts. Once breached, the hacker can then use it to fully access all iCloud functionality.

Apple seemed to have patched the hole as of today. Apple, however, has not commented on the incident.

There is still no concrete evidence that the leaked photos were obtained specifically via iCloud.

Hackapp, the creator of the Python script said that he has not seen any evidence of the the tool being used to exploit the iCloud flaw but admitted “someone could use this tool.”

Are you an iCloud user? Have you secured your password? Do you know where you’re backing up your photos to?

Source: The Next Web, Image credit: Hypable

Related stories

Advertisements
AT - Trapo

By Vernon

Vernon is the founder and chief editor of Vernonchan.com. A graphic designer by profession, he has a deep love for technology, cars, gadgets, food, and travel. He tweets too much and is also known as a caffeine bacterium ("life's too short for bad coffee"). Bleeds Blue (go Chelsea FC!) and considers BMW, Porsche, Alfa Romeo cars to have in the garage--for true petrolheads, that is.

Comments are closed.