Pages

vendredi 2 janvier 2015

Hackers Just Released A Tool That Could Jeopardise Everyone's iCloud Account

A hacker has released a tool that he claims can break into any iCloud account.


The tool, iDict, uses an exploit in Apple's security to bypass restrictions that stop most hackers from gaining access to accounts.


On iDict's GitHub page, user "Pr0x13" says that the exploit used to create the hacking tool is "painfully obvious," saying that it "was only a matter of time" before hackers used it to break into iCloud accounts.


The tool is described as "A 100% Working iCloud Apple ID Dictionary attack that bypasses Account Lockout restrictions and Secondary Authentication on any account."


There's no confirmation that iDict is indeed a working exploit, but users on Twitter and Reddit are claiming to have tested the tool and found it to work as described.


Here's what the iDict tool looks like when in use:


iDict iCloud hack


Apple has multiple ways to stop hackers from breaking into its online iCloud service. First off, it stops people from guessing passwords over and over again by blocking "brute force" attacks. Apple also lets people verify login attempts using their cellphone through two-factor authentication. Worryingly, iDict claims to bypass all of those security steps.


If iDict does work as described then there's very little that people can do to keep their account secure. Currently, the tool requires its users to know the email address associated with an iCloud account before it tries to hack into it. One way to make an iCloud account more secure is to use an email address that hasn't been shared online.


Meanwhile, questions are being raised why as to the hacking tool was released online at all. When security researchers uncover exploits in software or websites, they often privately report them to companies to avoid widespread use of security holes by hackers.


iCloud was the online service that hackers broke into last year in order to leak naked photographs of hundreds of celebrities online. Stars like Jennifer Lawrence and Kate Upton had their accounts broken into when hackers managed to bypass Apple's security question system. The company later rolled out improved security aimed at stopping hackers accessing accounts.


We reached out to Apple for comment on this story and will update if we hear back.


Join the conversation about this story »






















from Tech http://ift.tt/1xAhl6d
à

Aucun commentaire:

Enregistrer un commentaire