You’re unlikely to have missed the major scandal which hit the net over the weekend, whereby naked pics of various celebs taken in private (some of which are confirmed to be real) were (and still are) being hawked about for anyone to view – allegedly originating from a breach of iCloud.
Yesterday, one of our articles made a call for Apple to make a statement on the sordid affair, and indeed Cupertino has now come forward and said it is investigating the allegations, according to Re/code.
An Apple spokeswoman told the tech site: “We take user privacy very seriously and are actively investigating this report.”
The FBI is also apparently looking into the matter.
More information has emerged about how the attack may have been carried out – apparently it was a pretty straightforward affair. The attacker may have used a piece of software called iBrute to brute-force iCloud accounts – the program simply continues to plug password after password in until it finds a successful match.
While this is less likely to work against a good complex password that mixes upper and lower case letters, numbers and symbols, we all know that many people have horribly weak passwords (or at least fairly weak ones).
The security issue on Apple’s part is that the company allowed an unlimited number of incorrect password guesses – which is somewhat unbelievable. However, this issue has (unsurprisingly) now been fixed; you can no longer keep firing passwords away at a target iCloud account without being cut off.
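To show what being "cut off" looks like on the server side, here is an added example (not from this article, and not Apple's code) of a per-account guess limit with a lockout that doubles after each further failure. The class name, the threshold of five failures and the 60-second base delay are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5    # assumed threshold, not Apple's actual value
BASE_LOCKOUT = 60   # seconds; doubles with each further failure (assumed)


class LoginThrottle:
    """Per-account failed-guess counter with an exponentially growing lockout."""

    def __init__(self, clock):
        self.clock = clock      # injectable time source, e.g. time.monotonic
        self.accounts = {}      # user -> (salt, PBKDF2 hash)
        self.failures = {}      # user -> (failure count, locked-until time)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        count, locked_until = self.failures.get(user, (0, 0.0))
        # Refuse before looking at the password, so a locked account never
        # confirms or rejects a guess, not even the correct one.
        if self.clock() < locked_until:
            return "locked"
        # Unknown users get a dummy record so they take the same code path.
        salt, stored = self.accounts.get(user, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self.failures.pop(user, None)   # success resets the counter
            return "ok"
        count += 1
        if count >= MAX_FAILURES:
            delay = BASE_LOCKOUT * 2 ** (count - MAX_FAILURES)
            locked_until = self.clock() + delay
        self.failures[user] = (count, locked_until)
        return "denied"


if __name__ == "__main__":
    import time
    throttle = LoginThrottle(time.monotonic)
    throttle.register("alice", "correct horse")     # constructed account
    guesses = ["123456", "password", "qwerty", "letmein", "iloveyou",
               "correct horse"]                     # constructed guess list
    print([throttle.login("alice", g) for g in guesses])
```

In the sample run the sixth guess is the correct password, yet it is answered with "locked" because the lockout check comes before the password check.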
On the victim’s part, as noted, they could have chosen a more secure password, or more importantly they could have enabled two-factor authentication on their account. This applies a second line of security after the password (such as, for example, a one-time numeric code texted to the account owner’s phone). Without the second factor, an attacker who has the password still can’t gain access.
Given the number of hacking incidents these days, it’s well worth thinking about setting up two-factor authentication for the more important websites and services you use – if they support it, that is. We’ve got a handy guide on this which you might want to take a look at: Two-factor authentication: Which websites offer it, and how to set it up.
Meantime, we’ll have to wait for the official results of Apple’s investigation to see what actually happened here, but whatever that may be, it doesn’t hurt to make yourself more secure…
The timing of the incident certainly isn’t great for Cupertino, which is apparently set to launch a new digital wallet along with the iPhone 6 next week.