Apple has just patched a security exploit in “Find My iPhone,” the iOS feature that helps users locate a missing iPad, iPhone or iPod, according to a Sep. 1 report in ZDNet. In addition to showing a missing iPad, iPhone or iPod on a map, “Find My iPhone” lets users play a sound on a device to help locate it, lock the device and remotely delete all personal information from it.
This security exploit allowed hackers to use a brute-force attack to gain access to a user's iCloud account. A “brute-force” attack is when a hacker uses software that systematically enters all possible password combinations until the correct one opens an account. Recently, software for just such a brute-force attack on iCloud was uploaded to GitHub.
Brute-force attacks are usually stopped by limiting the number of password attempts during a site's log-on procedure: after a certain number of attempts, the account locks. But lockout protection was not available in “Find My iPhone,” and this is a security flaw that hackers seem to have exploited to break into celebrities' accounts over the past few days and post nude photos of them, or photos of them in very risqué positions. The allegedly exploited iCloud accounts apparently belong to celebrities like Jennifer Lawrence, Kim Kardashian, Rihanna and Selena Gomez.
Some celebrities took to Twitter to vent their outrage at this horrible invasion of privacy. For example, you can see what Mary Winstead had to say in this tweet.
Of course, hackers would also have to know the username (Apple ID) of these celebrities to access their accounts, but email addresses are usually published along with a celebrity's comments (just like email addresses almost always appear when anyone posts a comment on the web). Once in an iCloud account, a hacker can access contacts and calendar schedules too. According to Apple Support, users are supposed to use their primary email address for an Apple ID.