Apple received an alert that it had a glaring hole in the security of its iCloud service six months before myriad celebrities like Rihanna and Jennifer Lawrence had private nude photographs boosted from their accounts and posted online.
While it’s not clear if that vulnerability led to the nude leaks, Apple apparently brushed off the concerns of software programmer Ibrahim Balic, who approached the company with a formula he used to breach the iCloud firewall in March. Balic posted the email exchange with the Daily Dot.
The London-based Balic made clear, at least in his multiple emails to Apple, that he’d devised a method of successfully breaching the iCloud firewall, using brute force attacks that throw a fast and continual stream of number-and-letter combinations at user accounts. Brute force attacks ultimately led to the nude celebrity scandal that is still reverberating. Balic told Apple that by using brute force attacks, he was able to hurl 20,000 password combination tries at iCloud accounts.
What’s clear is Balic is a white hatter who threw Apple a bone. In the Daily Dot piece, Balic shared his exasperation of being ignored by Apple when he broached the issue with them. Ultimately, Balic is using the case to illustrate how Apple and others white hatters seriously when they reach out and tell them they have a problem.
I reached out to Balic and will have more soon.
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here