Printed from http://www.electronista.com

Python script attacking Find My iPhone may be behind celebrity leaks

updated 01:13 pm EDT, Mon September 1, 2014

Vulnerability in Find My iPhone authentication system patched today

A script which allowed access to iCloud servers may have been behind the recent celebrity photo leaks, a report suggests. A Python script which discovered the password of an iCloud account has surfaced, with an apparent vulnerability in Find My iPhone potentially allowing attackers to "brute force" attack an account without any lockout or warning to the account owner.

The script was posted on GitHub on Monday, reports The Next Web, and heavily relied on Find My iPhone's lack of restriction on the number of attempts. Once the account password was found, the attacker could then use the complete set of credentials to access other Apple services including iCloud. According to the report, the script owner discovered Apple had patched the vulnerability earlier today, with the service now locking users out after five attempts.



The creator, a Twitter user by the name of Hackapp, said the bug "is common for all services which have many authentication interfaces," and it is "trivial" to find them using a "basic knowledge of sniffing and reversing techniques."

While the timing of the script's appearance coincides with that of the celebrity leaks, there is no direct evidence tying the two together. Apple has yet to comment about the allegations.



By Electronista Staff
toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Asus Chromebook C300

When Chromebooks hit the market back in 2011, consumers didn't know what to do with them. The low-cost laptops, powered by Google's Ch ...

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

Lemur BlueDriver

"Oh no, the check engine light is on…again! What one of the hundreds of reasons could it be this time? Probably going to cost a fort ...

Sponsor

toggle

Most Commented

 
toggle

Popular News