Apple closes an iCloud vulnerability that would have allowed the theft of hundreds of nude photos of Hollywood stars

This morning I told you that hundreds of nude pictures of Hollywood stars had been stolen, apparently from their own iCloud accounts, with some of them confirmed by the stars through various social networks. Although no one knows for sure whether iCloud was the source of these pictures, Apple today closed a vulnerability in the Find My iPhone service that allowed brute-force attacks aimed at discovering the stars' Apple ID passwords.

It uses the Find My iPhone service API, where brute force protection was not implemented. Password list was generated from top 500 RockYou leaked passwords, which satisfy appleID password policy. Before you start, make sure it's not illegal in your country.

As soon as they had discovered a star's Apple ID, hackers could use brute-force attacks to guess its password, since Apple had not implemented any protection against them for Find My iPhone. Working from dictionary word lists, hackers could test hundreds, thousands or even millions of passwords against each Apple ID until they found the correct one, all without iCloud blocking their access to the accounts in any way.

Apple closed this vulnerability overnight, after a script exploiting it was published on the Internet 2 days ago; iCloud now blocks an Apple ID after the wrong password has been entered 5 times. Although this security measure did not exist until today, it is hard to say whether its absence was behind the theft of the nude pictures of Hollywood stars, but the theory seems very plausible.
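
The gap described above was a single service API that checked passwords without any limit on failed attempts. As an added example (not Apple's code and not from the original article), here is a lockout counter keyed on the account alone, so that every entry point shares the same five-failure limit. The class name, endpoint labels, lock duration and sample account are assumptions made for illustration.

```python
import time

MAX_FAILURES = 5          # threshold stated in the article
LOCK_SECONDS = 15 * 60    # assumption: the article gives no lock duration


class LoginThrottle:
    """Failure counter keyed by account only, so all entry points share it."""
    def __init__(self, verify, clock=time.monotonic):
        self._verify = verify        # callable(account, password) -> bool
        self._clock = clock
        self._failures = {}          # account -> consecutive failed attempts
        self._locked_until = {}      # account -> time at which the lock expires

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self._clock() >= until:   # lock expired: reset and count afresh
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, endpoint, account, password):
        # `endpoint` is deliberately NOT part of the key: a per-endpoint
        # counter would leave a less-used API as an unthrottled side door.
        account = account.strip().lower()   # case variants share one counter
        if self.is_locked(account):
            return "locked"                 # the password is not even checked
        if self._verify(account, password):
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_FAILURES:
            self._locked_until[account] = self._clock() + LOCK_SECONDS
        return "denied"


def demo():
    now = [0.0]                                     # fake clock for the demo
    users = {"star@example.com": "correct horse"}   # constructed sample data
    t = LoginThrottle(lambda a, p: users.get(a) == p, clock=lambda: now[0])
    endpoints = ["web", "web", "device-locator", "device-locator", "device-locator"]
    results = [t.attempt(e, "star@example.com", f"guess{i}") for i, e in enumerate(endpoints)]
    results.append(t.attempt("device-locator", "Star@Example.com", "correct horse"))
    now[0] += LOCK_SECONDS
    results.append(t.attempt("web", "star@example.com", "correct horse"))
    return results
```

A hard lockout also lets anyone lock the real owner out by failing five times, so it is usually paired with per-source rate limiting or a step-up challenge.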