New iCloud account hacking tool dodges Apple safeguards
MacNN Staff
Join Date: Jul 2012
A new hacking tool available on GitHub is claimed to be able to brute-force access to an iCloud account in a way that avoids Apple safeguards. Dubbed iDict, the tool performs "dictionary" attacks on target iCloud email addresses. Normally these would be stopped by Apple's rate-limiting measures for logins, but iDict disguises itself as an iPhone, a device which for whatever reason is exempt from those limits. At present, the malware offers little threat, but could become more menacing.
In its current incarnation, the tool is believed to pose little danger to users. It has a dictionary of just 500 words, which should make any even mildly-complex password safe. Because the hack uses a simple trick, it should also be easily fixable by Apple.
At the same time, though, the company has yet to make that fix, and a third party could potentially take the GitHub source code and upgrade it with a bigger dictionary and/or a way of randomizing password suggestions. As always, strong passwords that rely on a mix of random letters and numbers, along with two-step verification, should nullify any risk.
(Last edited by NewsPoster; Jan 3, 2015 at 07:56 AM.)
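The rate-limit exemption described in the post above, modeled as an added example (not code from iDict, Apple, or the original post): a per-account login throttle that trusts a self-declared client type, beside one that ignores it. The class, policy values, and account name are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failed logins allowed per window
WINDOW_SECONDS = 900    # assumed policy: 15-minute sliding window
ACCOUNT = "user@example.com"   # constructed sample account


class LoginThrottle:
    """Per-account failed-login throttle (hypothetical, for illustration).

    exempt_clients models the flaw the article describes: a request whose
    self-declared client type is on the list skips the limit entirely.
    """

    def __init__(self, exempt_clients=()):
        self.exempt_clients = set(exempt_clients)
        self.failures = defaultdict(deque)   # account -> failure timestamps

    def allow(self, account, client_type, now):
        # Flaw: client_type is supplied by the requester, so anyone can claim it.
        if client_type in self.exempt_clients:
            return True
        recent = self.failures[account]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()                 # drop failures outside the window
        return len(recent) < MAX_FAILURES

    def record_failure(self, account, now):
        self.failures[account].append(now)


def guesses_evaluated(throttle, client_type, attempts=500):
    """Count wrong guesses for one account that reach the password check."""
    evaluated = 0
    for i in range(attempts):
        now = float(i)                       # one attempt per second
        if throttle.allow(ACCOUNT, client_type, now):
            evaluated += 1
            throttle.record_failure(ACCOUNT, now)
    return evaluated


if __name__ == "__main__":
    flawed = LoginThrottle(exempt_clients={"iPhone"})
    hardened = LoginThrottle()               # no client-type exemptions
    print("flawed, claims iPhone:  ", guesses_evaluated(flawed, "iPhone"))
    print("hardened, claims iPhone:", guesses_evaluated(hardened, "iPhone"))
```

Keying the limit on the target account, and never on a header or field the client sets, is what keeps a 500-word list from being evaluated in full.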
hayesk
For now. When Apple gets light of this, they can easily rate limit iPhones.
In the meantime, use a strong password.
Senior User
Join Date: Jan 2008
Gosh, I better change my password from "password" to something new.
Senior User
Join Date: Jun 2000
Location: Sydney, Australia
Apple is seeming a bit sloppy on cyber security. Late to the game on 2-step verification, implemented only as a response to a very public incident, and more backdoors like this.
Grizzled Veteran
Join Date: Nov 2006
Bummer. I am changing mine to 12345 (Spaceball).