Apple has fixed an exploit in its Find My iPhone online service which came to light in some high profile hackings. Recently it was revealed that a hacker had leaked celebrity photos (some of them nude). It seems that the Hacker may have used Apple’s Find My iPhone online service to access the personal photos belonging to the celebrities.
Celebrities became aware that their personal photos had been compromised when the photos began to pop up all over the Internet. An Anonymous 4chan user claimed responsibility for the leaked photos saying he had accessed them from around 100 celebrity iCloud accounts.
Some of the stars who photos were leaked onto the Internet included:
• Jennifer Lawrence
• Ariana Grande
• Victoria Justice
• Kate Upton
• Kim Kardashian
• Kristen Dunst
• Selena Gomez
A code for an Apple ID password brute-force proof-of-concept was uploaded to GitHub (a code-hosting site). It is believed that the code was used to exploit a security hole on the Find My iPhone sign in page that allowed the hacker to access accounts by use of “brute-force”. Normally after a certain amount of failed amount of attempts to enter the right password, the account would be locked as a security measure. However the code allowed hackers to continually try different password combinations until the correct one was used granting the hacker access to almost 100 iCloud accounts belonging various celebrities. Emails supplied the hacker with the additional information needed to access the accounts. The hacker was able to gain user names through the Email accounts that are made public any time they are used.
Apple has announced that they patched the security hole on the Find My iPhone sign in page restricting the brute-force attempts and locking the page after a certain amount of failed login. This stops hackers from using tools that test thousands of passwords against a user’s account until the hacker gains access.
No confirmation has been made linking the release of the brute-force code to the leaked photos, yet there is no denying the timing of the two incidences are highly suspicious to say the least.
This incidence could not have come at a worse timing for Apple as it is scheduled to release the iPhone 6 later this month. Speculations have started to arise on the possibly of sales taking hit due to this incident. This could spell trouble for Apple who is already fighting hard against other competitors to hold its share of the market in smartphone sales.
Bad as it may sound the situation could have been a lot worse for Apple if the hackers had chosen to access even more information like emails, contacts, or even calendar schedules of celebrities. Information like calendar schedules of celebrities could actual put the safety of celebrities at risk if the information would have fallen into the wrong hands.
Apple is also conducting their own investigation to find out where the hack originated from. Now that the problem has been fixed, it is time to find the culprit. While they’re still not giving out any information Apple has advised users to enable two-step authentication. This adds a second layer of protection to your iPhone making it nearly impossible for hackers to get in.
About of the Author:
Stephanie is an avid freelance writer for EZ Buys Direct, an online retailer of cutest iPhone 5 Cases. She writes about all things Apple and emerging mobile technology. Her hobbies include movies, traveling and spending time with her two cats.