Passwords iCloud accounts were to determine via brute-force attack




It would have been to conduct an iCloud account using the Find My iPhone service from Apple. From a brute-force attack possible The company turned to this service have built. No protection against brute-force attacks

Last weekend appeared a Python script online that it was possible to perform the brute-force attacks discovered The Next Web first. That was because the api of the Find My iPhone service lacked protection against brute-force attacks. Meanwhile, Apple has solved the security problem. A test of Tweakers indicates that an attack now after about thirty attempts repulsed. It attacked iCloud account is then put on lock.

In brute-force attacks, an attacker trying numerous passwords automated off. Although the vulnerability was located in the Find My iPhone service from Apple, an attacker with the outdated password could then log on other Apple services, including iCloud. It is not known exactly how long the vulnerability existed.

An attacker could then take even if he or she is two factor authentication enabled. Accessing someone’s personal files It should someone not only to enter a password when logging in, but also a code that is sent by SMS or generates. App Last year discovered a security researcher that the protocol used for Apple iCloud backups not support two-factor authentication is: an attacker would that backups can therefore identify with just a password. There is even a tool on the market that it automates.

The vulnerability in Find My iPhone comes to light when nude photos of several celebrities, including Jennifer Lawrence, Kate Upton and Selena Gomez, have appeared on the internet, writes include BBC. Rumor has it that those pictures are captured from iCloud, but that is not confirmed yet. So it is not known whether there is a connection with the vulnerability.


In: Technology & Gadgets Asked By: [ Grey Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »