Apple has beefed up its “Find My iPhone” app after the service came under brute-force attack from hackers.
Apple says it has patched a security hole — by allowing limited password tries — against brute-force attacks, which ping the device with password after password until the right one is found to unlock an account.
This hack could be behind unlawful access to the iCloud accounts of several celebrities and the release of photos of actress Jennifer Lawrence in various stages of undress as well as private photos of actress Mary Elizabeth Winstead and model Kate Upton.
The vulnerability in the “Find My iPhone” feature was exposed on the code-sharing site GitHub a day before a collection of nude photos depicting celebrities was leaked. The Find My iPhone service wasn’t equipped with a mechanism for preventing “brute-force attacks,” or when hackers create a tool to test thousands of passwords against a user’s account until they find the correct one, according to Engadget.
“We take user privacy very seriously and are actively investigating this report,” Apple spokeswoman Natalie Kerris said.