Apple reportedly patches Find My iPhone vulnerability to hack Apple ID accounts

Sep 1, 2014

According to The Next Web this morning, Apple has allegedly patched a security hole in the Find My iPhone service that allowed nefarious users to brute-force Apple ID passwords. The claim comes from Twitter user @hackappcom, who posted a proof of concept titled ‘iBrute’ to GitHub on Saturday.

This should be good news for celebrities who reported their iCloud accounts being hacked and saw their nude pictures posted online.

As Cody told you yesterday, Academy Award winner Jennifer Lawrence and several other celebrities found themselves in the middle of a major nude photo leak after attackers apparently exploited a vulnerability in Apple’s Find My iPhone service.

@hackappcom this morning updated his post with a line suggesting that Apple fixed the security hole at 3:20am PT. “The end of fun, Apple have just patched,” reads the post.

After testing the attack method and seeing their Apple ID locked after five unsuccessful attempts to guess the password, the publication concluded that Apple has in fact patched the hole.

The Independent said today that Apple “refused to comment” on any security flaw in iCloud.

The proof of concept is apparently a Python script that employs an automated dictionary attack to guess a user’s iCloud/Apple ID password.

The problem with Find My iPhone lies in the fact that the service does not lock out after a few unsuccessful attempts, allowing attackers to repeatedly try to match a user’s Apple ID/iCloud password.

Once Apple ID/iCloud credentials have been obtained, attackers can log in to various cloud services and retrieve photos, contacts, emails and other data.
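The missing control described above, as an added example (not code from the article, from Apple, or from the proof of concept): a per-account lockout counter shared by every login endpoint, with an `exempt` set modelling one endpoint that skips it. The endpoint names, the counting window and the credential check are assumptions; the threshold of five is the one the article reports after the fix.

```python
import time
from collections import defaultdict

MAX_FAILURES = 5          # lockout threshold the article reports after the fix
WINDOW_SECONDS = 15 * 60  # assumed counting window (not from the article)


class LockoutGuard:
    """Per-account failure counter meant to be shared by every login endpoint."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(list)  # account -> [(timestamp, endpoint)]
        self._locked = set()                # stays locked until reset (reset flow not shown)

    def is_locked(self, account):
        return account in self._locked

    def record(self, account, endpoint, success, now):
        if success:
            self._failures.pop(account, None)
            return
        recent = [f for f in self._failures[account] if now - f[0] < self.window]
        recent.append((now, endpoint))
        self._failures[account] = recent
        # Keyed on the account alone, so spreading guesses over endpoints does not help.
        if len(recent) >= self.max_failures:
            self._locked.add(account)


def authenticate(guard, check_password, account, password, endpoint,
                 exempt=frozenset(), now=None):
    """Login path for all endpoints; `exempt` models an endpoint that skips the guard."""
    now = time.time() if now is None else now
    enforced = endpoint not in exempt
    if enforced and guard.is_locked(account):
        return "locked"  # refuse before the password is even checked
    ok = check_password(account, password)
    if enforced:
        guard.record(account, endpoint, ok, now)
    return "ok" if ok else "denied"


def simulate(endpoint, exempt=frozenset(), attempts=8):
    """Constructed run: repeated wrong passwords for one account on one endpoint."""
    guard = LockoutGuard()
    check = lambda account, pw: pw == "constructed-secret"  # stand-in credential check
    return [authenticate(guard, check, "user@example.com", "wrong-%d" % i,
                         endpoint, exempt, now=float(i)) for i in range(attempts)]
```

With no exempt endpoint the run locks after the fifth failure; with the endpoint exempted, every attempt is simply denied and the counter never moves, which is the gap the article describes.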

  • Ваше Онтатиле Масвибилили

    well…it’s about time

  • Aneeq Naqvi

    Still I was able to see Jennifer Lawrence today! :D

  • Parth Patel

    It’s pretty disappointing for a company who always touted their high level of security and privacy to have such high-profile security issues. This is not the first time somebody’s iCloud got hacked but I hope it’s the last.

    • Rowan09

      Nothing is unhackable. Anonymous hacked the FBI, CIA, etc in the past, so everything can be hacked.

      • Parth Patel

        I know right? But I have high expectations with Apple especially in terms of security.

      • o_O

        You think Apple has better security than the FBI and CIA? Are you mad?

      • Parth Patel

        I never said that… I just expect them to improve iCloud security and reliability so that such high profile hacks don’t happen again.
        And also make iCloud easy to understand because it’s still very confusing. I mean you can ask random people on the street ‘What’s iCloud?’ Half of the people will say ‘I don’t know’.
        Am I expecting too much from Apple?

      • Eni

        It has to be hacked to be improved.

      • appletimemac

        Are you daft? Do you even know the amount of man hours it takes to create a service as large as iCloud, let alone one that has all the colons and closes tags in all the right places? Stuff happens.

        And that’s because people are too lazy and stupid to do some research on anything anymore. They want instant gratification and aren’t willing to put in any work to better their own knowledgebase.

      • Nate McKelvie

        Yes you are expecting too much. You would be expecting too much to expect ANY online service to be unhackabl

      • moofer

        Were you personally hacked? Where can I find naked pictures of you?

    • Maxim∑

      It’s not the last. There will never be a last. The guy brute forced into the stars’ account thanks to Apple not putting an account lockout threshold on Find My iPhone. He probably got the emails from the Emmys, then once he got the actual password and email he signed into iCloud control panel on Windows with them and began to copy the photos out individually.

      Obviously these stars had some pretty weak passwords because the hacker most likely didn’t have a supercomputer. On a normal machine it’s usually several thousand passwords per second.

      • toortoor

        or

        the hacker has used another vulnerability to access iCloud, and this was released just to mislead Apple when trying to find the security hole.

        otherwise Apple does enforce relatively strong passwords and it’s unlikely brute force would have this much success.

        they just burned a vulnerability (brute-force) that is usually useless.

        they are probably saying ;)

        “oops, you found us, now relax, relax, and let it go :)”

  • Satrop 

    Let’s not forget that there is no such thing as 100% secure. All security can be hacked. And let’s face it, Apple is high profile enough to make it a constant target.

  • Shankar Dasika

    “This should be good news for celebrities who reported their iCloud accounts being hacked and saw their nude pictures posted online”

    Like hell it would be. It is like a fair warning to celebs and people concerned about security to stay away from Apple products

    • Rowan09

      Why would anyone put nude pictures in the cloud?

      • Guest

        ‘Cause they’re American?

    • Maxim∑

      LOL and go to Android? go troll somewhere else

      • Shankar Dasika

        Let’s face it dude, people who trusted Apple so much got trolled because of this leak.
        Android don’t joke it’s as pathetic as iOS I am seriously considering getting a BlackBerry because of safety n security even its ecosystem is a joke and throw this iPhone out of window.

  • Someshwar

    Unlimited attempts ?? Seriously ?? Phew!!

    • Maxim∑

      if they had a good password this wouldn’t have happened

      J-laws password was probably
      hungergamesgirl101

      • Someshwar

        Argh! No maxim, I guess allowing “unlimited attempts” is the culprit.

      • Maxim∑

        the guy was found already lol

  • Rares

    Luckily I saved those nudes for research :))

  • Chris Longden

    Well I guess if a celeb deletes a nude pic then decides they really wanted it anyway – there’s always a copy in the cloud now.

  • anonymous

    If I am not mistaken, this vulnerability has been public for a long time, even ih8sn0w addressed this at jailbreakcon this year. So the fact it took them this long to notice and patch this is ridiculous.

  • Dao Sasone

    I thought apple was all about security! ?!

  • vifish

    why the hell do they keep nude pictures on iCloud? it’s an open invite to anyone to go there and get the photos

  • Eni

    The hacker that did this. Apple never listens. They should.

  • https://twitter.com/MrElectrifyer MrElectrifyer

    Interesting, so there was never a limit to how many times someone can attempt to unlock your account? Then how the f*ck did my Apple ID get disabled in the past?

    • moofer

      Were you repeatedly trying to log in unsuccessfully via Find My iPhone? You know, because if you read the article, it says that was the service in question.

      • https://twitter.com/MrElectrifyer MrElectrifyer

        Nope, here’s a past thread (http://bit ly/1x2MONM) on what happened…

  • http://www.truffol.com Truffol

    I’m sure no one would store nudes in the cloud anymore after this episode…no matter how much more secure iCloud will be after Apple fixes the bugs

  • hmm

    I’d love to see the pictureeeeesss!