iCloud lacked brute force detection
By now, you probably know that a number of celebrities have been the target of a nude photo leak that has said to have lead to the leak of potentially hundreds of photos and videos. Of course, this vehement violation of human privacy is a despicable act in and of itself – the thought that there are individuals out there who would go to any length to obtain such photos and violate women (and men) is nauseating. But where there’s a will, there’s a way – and unfortunately, Apple seems to be at the center of that way.
According to new reports, the leak stem from a security issue that was previously present in Apple’s iCloud cloud storage system. iCloud automatically backs up a user’s photos (among other data) into the cloud, which can then be downloaded to any authorized computer capable of logging into the iCloud account. Hackers claim that Apple had failed to implement any sort of brute force detection software into iCloud’s login authorization, a loophole that enterprising hackers worked around using software called iBrute, which “guessed” at password combinations at a dizzying speed.
Essentially, in layman’s terms, that means that anybody with the knowledge of a celebrity’s iCloud email address would be able to keep guessing at their password until they hit on the correct password by chance, forever. A simple loophole, which Apple has reportedly now implemented, stops users from trying passwords after a couple of incorrect guesses. The new protection is similar to how Apple’s iOS software locks users out of devices after a number of incorrect passcode guesses.
While there’s yet to be any confirmation from either Apple or the supposed hacker that this method was the one used to illegally obtain the celebrity’s passwords, Apple has confirmed that they are investigating their role in the issue, if any. Still, the fact that this loophole existed and had been easily exploitable up until just today indirectly implies it could have been the root cause.