Hackers Release Tool to Exploit iCloud Accounts

CommanderFrank

We sure hope all of those celebrities and famous people who just can’t seem to stop taking selfies of themselves and uploading to the iCloud have taken steps to remove them. There may be an even bigger hack attack coming in the near future, larger than the last one by a mile. An exploit tool called iDict was released this week on the Internet which can waltz right through the best of Apple’s defenses.

The tool is described as a 100% working iCloud Apple ID dictionary attack that bypasses account lockout restrictions and secondary authentication on any account.
 
Never understood why people compulsively put their photographs, especially selfies, on a storage device that is neither their computer nor their phone, that's asking for trouble....
 
Never understood why people compulsively put their photographs, especially selfies, on a storage device that is neither their computer nor their phone, that's asking for trouble....

I don't think most people even realize what they're doing.
 
Never understood why people compulsively put their photographs, especially selfies, on a storage device that is neither their computer nor their phone, that's asking for trouble....
I'm thinking narcissism. They are their own brand and are always in need of promoting themselves. So taking selfies, even though it's intended to be private or for their SO, is an extension of that trait. That is my guess anyways.
 
I don't think most people even realize what they're doing.
THIS!
It's not because everybody can use it that everybody understands it. Hell, probably less than 25% of Apple users understand how a computer, phone, etc. really works.
 
Oh, not this again. OK, fellas, here's how this works: someone guesses your iCloud password, or resets it by guessing your security questions using available information. This is how the celebrities were "hacked"; people Googled their publicly available information and used it to guess their password reset questions. Once they're into your account, they restore from the backup of your iCloud device, and voila, they have everything you do on your phone.

The fix is simple: use two-factor authentication. Also, don't use easily guessed answers for your security reset questions.

Hell, probably less than 25% of Apple users understand how a computer, phone, etc. really works.

Why single Apple users out specifically? If ~25% of Apple users understand how their equipment works, that's a hell of a lot more than the average Windows user. (Source: I work in IT. It hurts me.)
 
Why single Apple users out specifically? If ~25% of Apple users understand how their equipment works, that's a hell of a lot more than the average Windows user. (Source: I work in IT. It hurts me.)

I would say that that is complete bullshit.
 
Why single Apple users out specifically? If ~25% of Apple users understand how their equipment works, that's a hell of a lot more than the average Windows user. (Source: I work in IT. It hurts me.)
As much as I hate Apple, in this comment I didn't want to bash their users directly. I said Apple simply because this is about an Apple service (iCloud). But you are right, this invented statistic is true about pretty much any product/service used by the masses. And the real number is probably a LOT lower than 25% :p
 
Never understood why people compulsively put their photographs, especially selfies, on a storage device that is neither their computer nor their phone, that's asking for trouble....

'Cause it's Apple, and anything that they make "just works without giving me any problems", unlike PCs and Android phones :rolleyes:
 
THIS!
It's not because everybody can use it that everybody understands it. Hell, probably less than 25% of Apple users understand how a computer, phone, etc. really works.

Bingo!

Most of the iPhone users in my company are in sales or marketing, and many of them don't know how to even copy a picture off their phone. They use whatever settings were set up by the person in the store when they bought the phone or upgraded from their last phone.

On the other hand, most of the tech types in my company use Android, and can easily copy pictures, movies, etc. to and from their phones.
 
Google is just as guilty as Apple. The idea of a photo by default being uploaded to the internet without human intervention is asinine. They don't do near enough to publicize this to the user.
 
The answer to this isn't necessarily to quit using Apple's Cloud (though I would never encourage its use). The answer is for phone users to give a shit about the passwords they're using to secure their accounts. An easy-to-remember multiword nonsense phrase would be sufficient to make a dictionary attack impractical.

Then again, they'd probably use the same password to secure their My Little Pony fan forum account, so maybe it wouldn't offer much security.

Then for a third time, it's pretty dumb if Apple's security can't cope with brute force attacks. Shouldn't this issue have been resolved around the time of the release of Wargames?
 
Google is just as guilty as Apple. The idea of a photo by default being uploaded to the internet without human intervention is asinine. They don't do near enough to publicize this to the user.

Have you used the Android version of this? It actively warns you and asks you to say "yes" or "no" to sync photographs.

I have not used the Apple version; however, from the amount of issues people appear to be having, I'm guessing there's no "are you sure" dialog.
 
and can easily copy pictures, movies, etc. to and from their phones.

And why exactly do you let your users abuse their work phones in this way? To me it seems like a good reason not to give them Android phones!
 
Have you used the Android version of this? It actively warns you and asks you to say "yes" or "no" to sync photographs.

I have not used the Apple version; however, from the amount of issues people appear to be having, I'm guessing there's no "are you sure" dialog.

Yep, it doesn't ask anything after you've enabled the cloud sync in the settings. Apple user experience is not filled with tick boxes and notifications.
 
Never understood why people compulsively put their photographs, especially selfies, on a storage device that is neither their computer nor their phone, that's asking for trouble....

All your selfies belong to us?

Really, oh noes your selfies are on the interwebz!

Honestly, my photos are the last piece of information I care about being on the net. Oh no, people will find out I am a Star Wars nerd, complete the 12" dollies and miniature fighters game!

Oops, they will find out I spent Christmas with 4 other people and there was a Christmas tree there with LIGHTS!

So I don't really give a rat's ass if my pictures are on the internet. I WOULD have problems if I lost my photos though... that is where having them on the internet is a feature for me. I love that my photos are uploaded to Google Drive and either me or the missus can use Picasa to edit/delete them etc.

Now I agree if you have photos you absolutely want private (even from some small % chance of hacking) then you might want to invest in local storage.
 
Thought this had already been patched... anyway, another reason for 2 factor auth
 
And why exactly do you let your users abuse their work phones in this way? To me it seems like a good reason not to give them Android phones!

They are personal phones, not company phones.
It's a small company, and many are allowed to access the company email from their personal phones.
As the system admin that's why I know what types of phone most of them have.
 
THIS!
It's not because everybody can use it that everybody understands it. Hell, probably less than 25% of Apple users understand how a computer, phone, etc. really works.

I bet you could say the same for Android users as well. Remember, you and everyone here who likes to root is the minority of Android users. Don't forget that.
 
I bet you could say the same for Android users as well. Remember, you and everyone here who likes to root is the minority of Android users. Don't forget that.
If you would have bothered to look a couple of posts down, you'd have seen I said exactly that...
 
I quote stuff as I read along, because if I do multi-quote and read the entire thread I forget what I was going to say.
 
From URL https://github.com/Pr0x13/iDict, there are these two un-timestamped entries...


-=Reports coming in that Server is now Patched with Rate Limiter=-
-=Server Fully Patched, Discontinue use if you don't want to lock your account!!=-

YMMV with this.
 