It's a little bit awkward when you're flipping through photos in front of a group and come upon that one sexy pose in skimpy clothing you forgot was on there, but imagine if someone hacked your phone and uploaded all your private photos for the entire world to see. Jennifer Lawrence and several other celebrities don't need to imagine because a flaw in Apple's Find My iPhone service may have allowed hackers to do just that.
According to various reports, someone posted a Python script on GitHub as a proof of concept for brute-forcing passwords against Apple's iCloud service. A brute force attack uses a script to guess passwords repeatedly until it finds the correct one, and in this instance, the script leveraged a vulnerability in Find My iPhone that allowed repeated password guesses without locking out the hacker or notifying the user.
A day after the code was posted to GitHub, celebrity photos began appearing on the web, including nude selfies, with anonymous 4chan users claiming to have plucked the photos from compromised celebrity iCloud accounts. According to ZDNet, other celebrity victims may have included Ariana Grande, Victoria Justice, Kate Upton, Kim Kardashian, Rihanna, Kirsten Dunst, and Selena Gomez, among others.
The author of the proof of concept isn't ready to concede that his tool is the likely culprit in all of this, though he does say it's a possibility. He told The Next Web, "I've not seen any evidence yet, but I admit that someone could use this tool."
Apple has rolled out a fix for the vulnerability so that when hackers try to brute force their way into someone's iCloud account through Find My iPhone, they're locked out after five unsuccessful attempts.
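The kind of server-side control described above, sketched as an added example (not Apple's code and not the script from the reports): failed sign-ins are counted per account across every endpoint that accepts the password, the account locks at five failures, and the owner is notified. The endpoint labels, the 15-minute lock duration and the sample events are assumptions constructed for illustration.

```python
import time

MAX_FAILURES = 5  # the limit the article says is now enforced


class LoginGuard:
    """Tracks failed sign-ins per account, shared by all endpoints."""

    def __init__(self, max_failures=MAX_FAILURES, lock_seconds=900):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds  # assumed duration; the article gives none
        self.failures = {}       # account -> consecutive failed attempts
        self.locked_until = {}   # account -> timestamp when the lock expires
        self.notifications = []  # (account, message) queued for the account owner

    def attempt(self, account, endpoint, password_ok, now=None):
        now = time.time() if now is None else now
        # A locked account is refused before the password is even considered,
        # so a correct guess made during the lock reveals nothing.
        if self.locked_until.get(account, 0) > now:
            return "locked"
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        # Keyed on the account only: switching endpoints does not reset the count.
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= self.max_failures:
            self.locked_until[account] = now + self.lock_seconds
            self.failures.pop(account, None)
            self.notifications.append(
                (account, f"locked after {count} failed sign-ins, last via {endpoint}"))
            return "locked"
        return "denied"


def replay(events, guard=None):
    """Feed (time, account, endpoint, password_ok) events through a guard."""
    if guard is None:
        guard = LoginGuard()
    return [guard.attempt(acct, ep, ok, now=t) for t, acct, ep, ok in events]


# Constructed sample: five wrong guesses alternating between two hypothetical
# endpoints, then a correct password submitted while the account is locked.
SAMPLE = [(i, "user@example.com", "findmy" if i % 2 else "web", False)
          for i in range(5)] + [(5, "user@example.com", "web", True)]
```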