Apple has fixed a vulnerability in its iCloud service that a hacker used to prove that any account could be broken into.
iDict was a hacking tool released online on New Year’s Day. It used a hole in Apple’s security to repeatedly guess user passwords, allowing hackers to access any account given enough time.
Pr0x13, the person who created the hacking tool, claimed that there was a “painfully obvious” flaw in Apple’s iCloud which could be used to bypass security systems like passwords, security questions, and even two-factor authentication (which is the security system using text messages that could have prevented the celebrity iCloud hack).
iDict guessed a user’s password by running through a long list of commonly used passwords until it hit upon the right one. Apple blocks these “brute force” attacks, but it seems that there was a hole in its security that iDict exploited.
It looks like Apple acted fast to shut down the hacking tool. iDict was released on New Year’s Day, and its creator tweeted on January 2 that people trying to use the service were causing iCloud accounts to be locked for security reasons, preventing hackers from gaining access.
iCloud was criticised in 2014 when hackers used the online service to access the accounts of celebrities like Jennifer Lawrence and Kate Upton. Hundreds of naked photographs leaked online after hackers bypassed Apple’s security question system.
After the wave of leaked images of celebrities emerged online, Apple CEO Tim Cook gave an interview where he promised to increase iCloud’s security by adding alerts and improving two-factor authentication.
We reached out to Apple for comment on this story and will update if we hear back.