iDict Vulnerability In iCloud Has Been Patched By Apple
A new tool that could potentially be used to gain access to an iCloud account, named iDict, has been stopped in its tracks after Apple beefed up its security.
2014 was a tough year for Apple and its security teams after iCloud came under attack by both hackers and the public alike. The infamous celebrity ‘hack’ that saw a handful of celebrities’ have their private photos stolen and leaked online was the lowlight for a firm that has been so far relatively immune from such bad publicity, but it was by no means the only incident which caught everyone’s attention.
This past New Years Day a website was published which would make it possible for anyone to gain access to an iCloud account given enough time, with the trick being a good old fashioned use of raw processing power. Using a brute force attack, the person behind the tool claimed that his website would work through all possible password permutations and eventually find the right one.
That should not work for two reasons. First, Apple offers two-factor verification which we would hope everyone has turned on a this point. Second, Apple has carried out work in the past that should stop brute force attacks from being possible. Unfortunately, it was at least claimed, this tool bypassed both additional security measures.
But fear not, intrepid iCloud user, because it appears that Apple has now patched whatever hole the hacker was poking through. Apple itself has remained quiet on the whole thing, but the person involved in all of this has since tweeted that those looking to use his tool should not do so, or risk having accounts locked.
Apple doesn’t tend to comment on what it is doing to protect its users from such things, but with iCloud becoming an increasingly tempting target, it’s clear that Apple’s security teams are going to be amongst its busiest over the coming months and years.
However clever your iCloud password may be, it’s always a good idea to go the extra mile when it comes to security. And we’ve said it before and we’ll say it again, turn on two-step verification for your account and it will save you from a lot of trouble and embarrassment.