Guest
News
  •  paul
  • 50.2% (Neutral)
  • Member Topic Starter
2014-09-01T09:40:28Z
It's a little bit awkward when you're flipping through photos in front of a group and come upon that one sexy pose in skimpy clothing you forgot was on there, but imagine if someone hacked your phone and uploaded all your private photos for the entire world to see. Jennifer Lawrence and several other celebrities don't need to imagine because a flaw in Apple's Find My iPhone service may have allowed hackers to do just that.

According to various reports, someone posted a Python script on Github for a password brute force proof of concept to Apple's iCloud service. Brute force attacks use a script to continually guess passwords until it finds the correct one, and in this instance, it leveraged a vulnerability in Find My iPhone that allowed for repeated password guesses without locking out the hacker or notifying the user.

Jennifer Lawrence
Image Source: Flickr (Gage Skidmore)

A day after the code was posted to Github, celebrity photos began appearing on the web, including nude selfies, with anonymous 4chan users claiming to have plucked the photos from compromised celebrity iCloud accounts. According to ZDNet, other celebrity victims may have included Ariana Grande, Victoria Justice, Kate Upton, Kim Kardashian, Rihanna, Kirsten Dunst, and Selena Gomez, among others.

The author of the proof of concept isn't ready to concede that his tool is the likely culprit in all of this, though he does say it's a possibility. He told The Next Web, "I've not seen any evidence yet, but I admit that someone could use this tool."

Apple has rolled out a fix for the vulnerability so that when hackers try to brute force their way into someone's iCloud account through Find My iPhone, they're locked out after five unsuccessful attempts.
RiCoFrost
2014-09-01T19:31:09Z

Dam thats going to be a pretty big trust hit to apple users.

sevags
2014-09-01T21:19:52Z

This is why I've always told people NOT to backup photos to icloud. Nothing is safe, but any personal information should be kept locally! Or better yet mentally! Including those nude mental snapshots lol

realneil
2014-09-01T23:05:36Z

Putting your pictures 'out there' is really putting your pictures OUT THERE?

LOL!

madman777
2020-12-24T14:57:45Z
why would you put nude pics on icloud or any cloud.. everyone knows how secure anything online is..