A few days ago a group calling themselves hackappcom posted a proof of concept script on the popular code repository GitHub that would allow a user to attempt to breach iCloud and access a user account. This script would query iCloud services via the “Find My iPhone” API to guess username and password combinations. The problem here was that apparently Apple was not limiting the number of queries. This allowed attackers to have numerous chances to guess password combinations without the fear of being locked out.
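The missing control described above, sketched from the defender's side as an added example (not code from the original article or from Apple): one failure throttle keyed on the account and shared by every endpoint that accepts credentials. The endpoint names, thresholds and the `verify` callback are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window failure counter with a temporary lockout, keyed by account."""

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated inside the window
        self.window = window              # seconds over which failures are counted
        self.lockout = lockout            # seconds an account stays locked
        self.clock = clock                # injectable so tests can control time
        self._failures = defaultdict(deque)
        self._locked_until = {}

    def allowed(self, account):
        until = self._locked_until.get(account)
        if until is not None:
            if self.clock() < until:
                return False
            del self._locked_until[account]  # lockout has expired
        return True

    def record(self, account, success):
        now = self.clock()
        if success:
            self._failures.pop(account, None)
            return
        attempts = self._failures[account]
        attempts.append(now)
        while attempts and now - attempts[0] > self.window:
            attempts.popleft()  # forget failures older than the window
        if len(attempts) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            attempts.clear()


THROTTLE = LoginThrottle()


def authenticate(endpoint, account, password, verify, throttle=THROTTLE):
    """Entry point for every credential-accepting endpoint (names are hypothetical).

    The endpoint is deliberately not part of the throttle key: a secondary API
    must not hand out a fresh budget of guesses for the same account.
    """
    key = account.strip().lower()
    if not throttle.allowed(key):
        return "locked"
    ok = verify(account, password)
    throttle.record(key, ok)
    return "ok" if ok else "denied"
```

A per-account lockout can itself be abused to lock out a legitimate user, so production systems usually pair it with per-source limits and alerting on repeated lockouts.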
This script was an output from a talk that was given by Andrey Belenko and Alexey Troshichev called, “iCloud Keychain and iOS 7 Data Protection” at the Russian Defcon Group DCG#7812. Based on the note that they posted after the news of the breach started to circulate, they were rather upset that their script was being used to a malicious end.
"In justification I can only mention, that we only described the way HOW to hack AppleID. Stealing private “hot” data is outside of our scope of interests. We discuss such methods of hacks in our narrow range, just to identify all the ways how privacy can be abused.
For everyone, who was involved in this incident, I want to remind, that today we are living in Brave New Global World, when privacy protection wasn’t ever so weak, and you have to consider, that all your data from “smart” devices could be accessible from internet, which is the place of anarchy, and, as a result, could be source of undesirable and unfriendly activity."
The law of unintended consequences at its finest.
As a result, some ne’er-do-wells accessed the accounts of some Hollywood actors and leaked their personal pictures online. So, why were these pictures in iCloud? For those of you who may be unaware, iCloud is a service that is offered by Apple to back up data from a user’s iThinger of choice. This service could allow a person to back up their email, contacts, calendars, notes, passbook, keychain and photos, to name a few. In the case of a large group of celebrities, their data was breached when attackers gained access to their accounts. An unfortunate outcome, to say the least.
I nervously checked the settings on my iPhone after news of this
incident broke only to find that no, I was not using the service. No
nude photos of me. Trust me, that’s a blessing.
While this incident has unfortunate ramifications for the victims, it has been a great wake-up call for others thanks to the huge amount of press coverage. This is an excellent opportunity for people to clean up their password practices and improve their personal security posture.
So, how does one avoid this sort of problem? Well, there are a few things that you can do to help to potentially avoid this type of end result. First off, you can enable two-factor authentication on your iCloud account. Once this is enabled, a user would receive an SMS message with a four-digit code to input in addition to their password. This way, if a password is compromised, the attacker would still need an SMS code to gain access to the user account.
A second thing to keep in mind is the use of a strong password. Using one such as “password1” is simply inviting disaster. You’d be better served using a password such as “hGYcq6QE6agG8[N&j+a.” or better still, a pass phrase.
The last piece to take into account is making use of a password manager. This is a piece of software that can manage your passwords for you securely. There are excellent products out there that can do this for you, such as 1Password from AgileBits, KeePass and LastPass, to name a few.
Photo Of Celebrities
1. Jennifer Lawrence
2. Kate Upton
3. Victoria Justice
4. McKayla Maroney