Article Image
News Link • Hacking, Cyber Security

'Find My iPhone' exploit may be to blame for celebrity photo hacks (update)

Initial reports suggested that hackers targeted the iCloud accounts of the high-profile victims, and held eager would-be-viewers to ransom on notorious bulletin-board 4chan, demanding Bitcoin in exchange for a peek of the images (reportedly earning a princely $95 for their troubles). As yet though, no one has been able to confirm how the images actually leaked, but some keen programmers think they may have spotted at least one (now fixed) route into accounts.

The potential exploit relates to a project on the code hosting site Github called, imaginatively, ibrute. Just a day before the images leaked, the developers of ibrute announced a bug in the Find My iPhone service means it doesn't employ bruteforce protection (i.e. an attack can continue using different passwords until the right one if found). The implication is that this could give access to AppleIDs, and from there any number of avenues to compromise accounts become significantly more viable. It's certainly not the first intrusion issue with the service we've seen. If this was the flaw used, the hackers would have needed email addresses of celebrities. But, it's possible that only one address is needed, allowing to search inboxes for those of others in a domino effect.

Join us on our Social Networks:


Share this page with your friends on your favorite social network: