Printed from http://www.electronista.com

Python script attacking Find My iPhone may be behind celebrity leaks

updated 01:13 pm EDT, Mon September 1, 2014

Vulnerability in Find My iPhone authentication system patched today

A script which allowed access to iCloud servers may have been behind the recent celebrity photo leaks, a report suggests. A Python script which discovered the password of an iCloud account has surfaced, with an apparent vulnerability in Find My iPhone potentially allowing attackers to "brute force" attack an account without any lockout or warning to the account owner.

The script was posted on GitHub on Monday, reports The Next Web, and heavily relied on Find My iPhone's lack of restriction on the number of attempts. Once the account password was found, the attacker could then use the complete set of credentials to access other Apple services including iCloud. According to the report, the script owner discovered Apple had patched the vulnerability earlier today, with the service now locking users out after five attempts.



The creator, a Twitter user by the name of Hackapp, said the bug "is common for all services which have many authentication interfaces," and it is "trivial" to find them using a "basic knowledge of sniffing and reversing techniques."

While the timing of the script's appearance coincides with that of the celebrity leaks, there is no direct evidence tying the two together. Apple has yet to comment about the allegations.



By Electronista Staff
toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

Blue's Mikey Digital

Blue Microphones, a company that makes some of the most popular digital USB microphones among podcasters and musicians, has for some t ...

Sponsor

toggle

Most Commented

 
toggle

Popular News