Brute-force attack

[youtube=https://www.youtube.com/watch?v=IKKZfZUqk3I]

More than four months after Tim Cook promised emailed login alerts and the reintroduction of two-factor authentication in the wake of the high-profile celebrity iCloud hacks, five Apple logins remain unprotected by the system. Hackers of NY founder Dani Grant used videos to demonstrate each of the vulnerabilities in a blog post.

Grant showed that two-factor authentication isn’t needed when using an unknown Mac to login to iMessage, iTunes, FaceTime, the App Store or Apple’s website. According to Grant, only one of the five services sent an email notification advising that an unknown device was used to log in … 
Expand
Expanding
Close

The software developer credited by Apple for discovering last year’s developer center flaw says that he informed Apple of an iCloud weakness that may have been used to obtain celebrity nudes more than six months before the photos were accessed.

The Daily Dot reports that Ibrahim Balic advised Apple in March of a Find My Phone weakness that would allow brute-force attacks on iCloud accounts. It has been suggested that this may have been one of the methods used to access the accounts – or even complete iPhone backups – of celebrities … 
Expand
Expanding
Close