Image credit: Hype.my
Revealing photos of several Hollywood actresses were released on to the internet over the weekend after a hacker managed to overcome the security on Apple’s iCloud. The company is now actively investigation the breach in an attempt to prevent future attacks from happening. No details of the hack have been made public, although it appears that Apple has patched the flaw in the system.
The hacker behind the attack is thought to have not needed any sophisticated attack techniques and relied purely on brute force to gain access to the cloud storage service. The Next Web reported that there may be a link between the attack and a new app appearing on GitHub known as iBrute. This app used a flaw in the Find My iPhone app that allowed unlimited password guesses to continually input the most common passwords on the internet until it found a match.
iBrute was created by Russian security researchers as a proof of concept at a security conference in St. Petersburg in early August; although the app itself did not appear on GitHub until last week. While there is no proof that this was the tool that enabled the hack, Apple appears to have patched the vulnerability as of yesterday.
Some security commentators are of the opinion that the attack could have been thwarted by implementing two step verification in addition to a password. iCloud has the option; however, most users are either unaware of the the additional layer of security or simply do not enable it due to the extra step needed to access their accounts. This is not the first time that Apple’s public cloud storage service has been hacked, and this most recent event should at least convince some users to take extra precautions with their own online accounts.