Scam of the day – January 4, 2015 – Every iCloud account in jeopardy of being hacked

A hacker using the name Prox13 has made public a tool that he says enables anyone to hack into someone else’s iCloud account.  You may remember that it was not long ago that photos of nude celebrities such as Jennifer Lawrence and Kate Upton that had been stored on iCloud were hacked and released to the public.  In the wake of that scandal, Apple set up increased security options people could use to make their accounts more secure.  The tool, which is called iDict purports to exploit a vulnerability in Apple security and is able to bypass account lockout restrictions and secondary authentication security. Apple has not confirmed that its system is vulnerable or that this tool is able to exploit such a vulnerability that may exist, but numerous tweets on Twitter have indicated that indeed the tool does work.  If indeed this report is true, all users of iCloud have reason to be concerned.

TIPS

In response to previous hackings and attempts to hack iCloud, Apple has increased security to stop brute force attacks where the hacker uses a program that guesses large numbers of passwords until it gets the correct password.  Present iCloud security blocks these kind of attacks.  Apple also has a dual factor authentication security option by which a user’s account can only be accessed after he or she has received an authentication code on their smartphone each time a user accesses his or her account.  Had this security option been used by the hackers of the celebrities involved in the celebrity nude photo hacking, their security would not have been breached.  It is a good option for everyone.  However, if indeed iDict is as effective as it is claimed to be, even this security option would not protect you.

One way that people could make their iCloud account safer until Apple finds a cure for this problem is to change the email address attached to the account to one that they use exclusively for iCloud and do not make public because any hacker would need to know the intended victim’s email address in order to hack into his or her iCloud account.

 

Leave a Reply

Your email address will not be published. Required fields are marked *