iCloud is under attack yet again, this time from a brute-force tool called iDict. Using a dictionary of common passwords, it guesses repeatedly at a password until it gets into a target account, without being locked out by Apple's restrictions. The tool was created by a developer known as Pr0x13 and has now been uploaded to GitHub; according to the developer, the aim is to make Apple patch what is an obvious security flaw.
It’s now been confirmed that iDict is the tool that was behind the celebrity photo leaks in September. Hundreds of private images, taken with iPhones, were stolen and uploaded to the internet in a series of embarrassing hacks that resulted in both police and FBI investigations.
Shortly after this, Apple announced that they had tightened up security on iCloud with an automatic lockout after 5 wrong login attempts. While this does work for anyone who tries to log in from a computer, it doesn’t work on an iPhone and, as this is what iDict pretends to be, it’s clear that Apple hasn’t done enough to secure what is a core feature of their iOS and OS X software.
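The gap described above comes down to where the failed-attempt counter is enforced. As an added illustration (not Apple's code and not part of the original article), the Python example below compares a lockout applied only to a web login channel with one applied per account on every channel; the `LoginGate` class, the channel names `web` and `device`, and the sample account are assumptions made for the example.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

MAX_FAILURES = 5  # lockout threshold reported in the article


@dataclass
class LoginGate:
    """Failed-login lockout. enforced_channels=None enforces it on every channel."""
    passwords: dict  # account -> password; constructed demo data (real services store salted hashes)
    enforced_channels: Optional[set] = None
    failures: dict = field(default_factory=dict)

    def attempt(self, account: str, password: str, channel: str) -> str:
        enforced = self.enforced_channels is None or channel in self.enforced_channels
        # Check the lock before the password, so a locked account gives a
        # guesser no signal about whether the guess was right.
        if enforced and self.failures.get(account, 0) >= MAX_FAILURES:
            return "locked"
        stored = self.passwords.get(account)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            self.failures[account] = 0
            return "ok"
        # The counter is keyed by account, not by channel or client type.
        self.failures[account] = self.failures.get(account, 0) + 1
        return "denied"


def guesses_evaluated(gate: LoginGate, account: str, channel: str, n: int = 20) -> int:
    """Send n wrong passwords; count how many the server actually checked."""
    results = [gate.attempt(account, f"wrong-{i}", channel) for i in range(n)]
    return results.count("denied")


if __name__ == "__main__":
    creds = {"alice@example.com": "correct horse"}  # constructed account
    flawed = LoginGate(dict(creds), enforced_channels={"web"})  # lockout on web only
    hardened = LoginGate(dict(creds))  # lockout on every channel
    for name, gate in (("flawed", flawed), ("hardened", hardened)):
        checked = guesses_evaluated(gate, "alice@example.com", "device")
        print(f"{name}: device-channel guesses checked = {checked}")
```

A production limiter would also expire the lock after a delay or require a second factor to clear it, since a permanent per-account lock lets anyone lock the owner out.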
iDict only attacks accounts with weak passwords, but there may well be other hackers with much larger dictionaries who can just keep hacking away until they get in, and these people won’t think twice about stealing your data. In a parallel move, the Photos web app has also disappeared from the iCloud website, but it’s not known whether this is a coincidence or related.
The easiest way to protect yourself is to change your password immediately to something less obvious and make sure you enable two-step verification.