The coverage of the leak of celebrity photos from Apple’s iCloud has been surprisingly free of blaming Jobs’ Mob for the leak.
In fact, some of the coverage has even praised Apple’s security for its magical encryption which apparently absolved Jobs’ Mob of all the blame for the hack.
The large-scale hacking found snaps on the accounts of Kim Kardashian, Rihanna, Cara Delevingne, Ariana Grande, Victoria Justice and Selena Gomez.
However, Next Web has found proof that the leaks were caused by a breach in Apple’s iCloud service.
A Python script emerged on GitHub that appears to have allowed malicious users to ‘brute force’ a target account’s password on Apple’s iCloud, thanks to a vulnerability in the Find My iPhone service.
The vulnerability allegedly discovered in the Find My iPhone service appears to have let attackers use this method to guess passwords repeatedly without any sort of lockout or alert to the target. Once the password had eventually been matched, the attacker used it to access other iCloud functions.
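The control that was reportedly missing is a per-account limit on failed password attempts that covers every endpoint accepting the password, together with an alert to the account owner. The sketch below is an added illustration, not code from Apple or from the script mentioned above; the thresholds, the endpoint names `device_locator` and `web_login`, and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold
WINDOW_SECONDS = 300    # assumed sliding window for counting failures
LOCKOUT_SECONDS = 900   # assumed lockout duration

class LoginThrottle:
    """One failure counter per account, shared by every password-accepting endpoint."""

    def __init__(self):
        self.failures = defaultdict(deque)  # account -> times of recent failures
        self.locked_until = {}              # account -> time the lockout ends
        self.alerts = []                    # (account, endpoint, time) for the notifier

    def record(self, account, endpoint, success, now):
        """Return 'ok', 'failed' or 'locked' for one authentication attempt."""
        if self.locked_until.get(account, 0) > now:
            return "locked"                 # refused, so a guess cannot be confirmed
        if success:
            self.failures.pop(account, None)
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            self.alerts.append((account, endpoint, now))  # tell the owner
            recent.clear()
        return "failed"

def replay(events):
    """Feed (account, endpoint, success, time) events through a fresh throttle."""
    throttle = LoginThrottle()
    results = [throttle.record(*event) for event in events]
    return results, throttle.alerts

# Constructed sample: six wrong guesses sent to a secondary endpoint, then the
# right password during the lockout, then again once the lockout has expired.
ACCOUNT = "alice@example.com"
SAMPLE = [(ACCOUNT, "device_locator", False, 1000 + i) for i in range(6)]
SAMPLE += [(ACCOUNT, "web_login", True, 1010),
           (ACCOUNT, "web_login", True, 1004 + LOCKOUT_SECONDS)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Because the counter is keyed on the account rather than the endpoint, guesses sent to a secondary service count against the same limit as the main login.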
The tool was published for two days before being shared to Hacker News and Apple has moved to actually fix the hole.
Find My iPhone has been used before for such attacks. In that case hackers were holding victims to ransom, locking their phones and demanding money in exchange for giving their phone back.
The Independent reported that Apple has “refused to comment” on any security flaw in iCloud today. So the Tame Apple press can go on telling users that Apple security is perfect.