iDict exploited a flaw in Apple's system that allowed dozens of different passwords to be tested without the account being locked.
A piece of software widely circulated on the Internet on Friday, January 2 made it possible to log in to inadequately protected iCloud accounts. The software, named iDict, tries to log in to any iCloud account using some 500 generic passwords. This type of attack, which uses a password dictionary, was blocked in theory, because Apple had set up an account lockout after 3 unsuccessful attempts. But iDict exploited a bug in this mechanism: it impersonated an iPhone, and Apple did not apply the restriction to requests coming from (or appearing to come from) its own phones. The software could therefore make many attempts without the account being locked.
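The lockout flaw described above, as an added example that is not part of the original article and is not Apple's code: a toy server-side login gate where a self-declared client type is either trusted (the flawed variant) or ignored (the corrected one). The class, function and field names and the sample account are hypothetical, and the data is constructed.

```python
from collections import defaultdict

MAX_FAILURES = 3  # lockout threshold stated in the article


class LoginGate:
    """Toy login check with a per-account failure counter (hypothetical model)."""

    def __init__(self, passwords, trust_client_claim):
        self.passwords = passwords                    # account -> correct password
        self.trust_client_claim = trust_client_claim  # True reproduces the flaw
        self.failures = defaultdict(int)

    def attempt(self, account, password, claimed_client):
        # Flawed variant: a client-supplied, unauthenticated label skips the lockout.
        exempt = self.trust_client_claim and claimed_client == "phone"
        if not exempt and self.failures[account] >= MAX_FAILURES:
            return "locked"          # checked before the password is even compared
        if self.passwords.get(account) == password:
            self.failures[account] = 0
            return "ok"
        if not exempt:
            self.failures[account] += 1
        return "denied"


def guesses_evaluated(gate, account, candidates, claimed_client):
    """Count how many candidate passwords the gate compares before it locks."""
    evaluated = 0
    for candidate in candidates:
        result = gate.attempt(account, candidate, claimed_client)
        if result == "locked":
            break
        evaluated += 1
        if result == "ok":
            break
    return evaluated


# Constructed sample data; the candidates are generic terms quoted in the article.
ACCOUNTS = {"alice@example.com": "Blessed1"}
CANDIDATES = ["Princess1", "Iloveyou1", "Pa55word", "Sunshine1", "Blessed1"]


def run(trust_client_claim):
    gate = LoginGate(ACCOUNTS, trust_client_claim)
    return guesses_evaluated(gate, "alice@example.com", CANDIDATES, "phone")
```

With the claim trusted, all five candidates are compared and the fifth succeeds; with the counter keyed on the account alone, the gate locks after three and the correct password is never evaluated.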
Fortunately, the list of 500 passwords provided with the software included only very generic terms (P@ssw0rd, Princess1, Iloveyou1, Pa55word, Sunshine1, Blessed1, password2, Spongebob1, Computer1, Metallica1, Whatever1, Gangsta1, Tiger123, Yankees1, Pickes1, Password1!, Taylor13, Jesus1st, Bigdaddy1 …), so you need not fear for your account if your password was more complex. However, any developer could modify the list and use more complex passwords to target a particular account.
The flaw was corrected by Apple during the weekend. The question is whether malicious hackers managed to use it against the accounts of one or more celebrities, which will only be known when photos or other incriminating emails are made public in the coming days.