toggle

AAPL Stock: 114.64 ( -3.8 )

Printed from http://www.macnn.com

Python script attacking Find My iPhone may be behind celebrity leaks

updated 01:13 pm EDT, Mon September 1, 2014

Vulnerability in Find My iPhone authentication system patched today

A script which allowed access to iCloud servers may have been behind the recent celebrity photo leaks, a report suggests. A Python script which discovered the password of an iCloud account has surfaced, with an apparent vulnerability in Find My iPhone potentially allowing attackers to "brute force" attack an account without any lockout or warning to the account owner.

The script was posted on GitHub on Monday, reports The Next Web, and heavily relied on Find My iPhone's lack of restriction on the number of attempts. Once the account password was found, the attacker could then use the complete set of credentials to access other Apple services including iCloud. According to the report, the script owner discovered Apple had patched the vulnerability earlier today, with the service now locking users out after five attempts.



The creator, a Twitter user by the name of Hackapp, said the bug "is common for all services which have many authentication interfaces," and it is "trivial" to find them using a "basic knowledge of sniffing and reversing techniques."

While the timing of the script's appearance coincides with that of the celebrity leaks, there is no direct evidence tying the two together. Apple has yet to comment about the allegations.




by MacNN Staff

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

HP 14-x030nr 14-inch Chromebook

If you're like us, chances are you've come to realize that you need the ability to access the Internet on the go. Also, you've prob ...

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

toggle

Most Commented