Apple Knew About iCloud Security Issues, Dev Says
The ongoing celebrity photo leaks all come back to one thing: iCloud security. The pics were allegedly snatched from iCloud, which has prompted Apple to shore up cloud storage security. A new report claims Apple wasn't caught off-guard by the attacks, and knew about severe vulnerabilities as far back as March of this year.
Ibrahim Balic tells Daily Dot he was in communication with Apple long before celebs had photos pinched and placed on 4Chan and Reddit. He was able to successfully hack iCloud accounts using "brute force", and let Apple know about his success via direct email as well as Apple's online bug reporting tool.
Daily Dot has several emails between Balic and Apple, showing they were both aware and concerned. The method used by Balic is one that is long in the tooth, and typically stopped in its tracks quickly. By entering the wrong password several times, an account is locked. Sometimes for a predetermined time, and other times until a different method of verification can be obtained.
In Balic's case with iCloud, he was able to log 20,000 password attempts to an account before it let him through.
It seems Apple just didn't take Balic seriously enough. Speaking to The Wall Street Journal, CEO Tim Cook says Apple needs to be more aware of threats. Balic tells Daily Dot "If Apple had taken this issue more seriously, perhaps such a problem would not have arisen".
Source: Daily Dot