Apple 'actively investigating' celebrity iCloud hack
Cupertino reaffirms commitment to privacy, amid claims that Find My iPhone bug could be to blame
Apple is "actively investigating" news this week that a large number of celebrities' iCloud accounts have been hacked, leading to the publishing of a slew of private photos.
In a statement given to Re/code, an Apple spokesperson said that the vendor takes user privacy very seriously, and that it was investigating the breach.
Celebrities such as Jennifer Lawrence, Kate Upton and Kirsten Dunst are among those said to have had their iCloud accounts breached, according to reports. The hacker initially posted up the stolen images on photo-sharing site 4Chan, before they were reproduced on other social media sites such as Twitter and Reddit.
Given the fact that only a specific set of people were attacked, and the nature of the data that was stolen, security experts have opined that the hack was highly targeted, and likely not a wide-scale breach of the iCloud online storage service.
The lack of two-factor authentication is seen by many as one of the prime reasons why a hacker would be able to compromise an account.
Apple does offer two-factor authentication with its accounts, called Two-Step Verification, though experts have called Cupertino out on not making enough users aware of it.
An alternative theory surrounding how the iCloud attack was conducted was detailed in a post on GitHub yesterday. The authors of the post described a bug within the Find My iPhone service which could have been used to compromise the celebrities' iCloud accounts.
The bug, GitHub said, meant that there was no ‘brute force' protection in place. Brute force hacking involves repeatedly entering a large number of passwords until right one comes up. These passwords could have been obtained from various sources, given the number of large-scale website data breaches that have occurred over the past year.
According to GitHub, brute force protection demands that a wrong password can only be entered so many times, but through the Find My iPhone flaw, the hacker could have entered a wrong password huge numbers of passwords without being locked out.
Upon accessing the Find My iPhone service, the hacker would then have found it much easier to breach the celebrities' iCloud accounts, the theory goes.
GitHub yesterday updated its original post, claiming that Apple had patched the Find My iPhone vulnerability.