Apple knew of iCloud API weakness months before celeb photo leak broke

A London-based security researcher made multiple reports to Apple that the company's iCloud service was vulnerable to brute-force password attacks months before the revelations that celebrities' iCloud backups were mined for intimate photos and videos. The Daily Dot reports that Ibrahim Balic sent descriptions of the vulnerability to Apple in March, in addition to filing a report that the system leaked user data that could be used to mount such attacks. Balic attempted to reach out both via e-mail and through the company's Web-based bug reporting system.

In an e-mail dated March 26, Balic told an Apple employee:

I found a new issue regarding on Apple accounts (sic)...By the brute force attack method I can try over 20,000 + times passwords on any accounts. I think account lockout should probably be applied. I'm attaching a screen shot for you. I found the same issue with Google and I have got my response from them.

The Apple employee responded, "It's good to hear from you. Thank you for the information."
