According to a report, somebody has just uploaded a password-hacking tool called iDict to GitHub that promises to use good old-fashioned brute-force techniques to crack iCloud passwords. The tool seeks to evade Apple's rate-limiting and two-factor authentication security, which is supposed to prevent brute-force attacks. But it's not quite as bad as it sounds.
iDict's capabilities are limited by the size of the dictionary it uses to guess your password. So you are really only in danger if your password is on the 500-word list included with the hacking tool. All of the passwords fulfill the requirements for an iCloud password, but if you're using one of these rather obvious passwords, you should change it anyway.
Here are some examples:
- Password1
- P@ssw0rd
- Passw0rd
- Pa55word
- Password123
- ABCabc123
- Devil666
- Fuckyou2
- ILoveYou2
- Blink182
All that said, iDict isn't really a plug-and-play hacking device. The developer behind the tool isn't a friend to script-kiddies; he's trying to prove a point: despite security updates since the brute-force attack that gave hackers access to countless celebrities' nude photos, iCloud still isn't completely secure. Apple needs to fix the "painfully obvious" bug before it's "privately used for malicious or nefarious activities," he explains on GitHub. We've reached out to Apple to find out what they're doing about the vulnerability.
It seems like it wouldn't be that hard to swap out the 500-word list for an even longer, better list. Then a tool like iDict could do real damage. Not to mention that ne'er-do-wells are probably going to be using this tool as-is until the flaw gets fixed. So double-check your iCloud password against this list now, and pick something better even if your bad password isn't listed. Protect yourself while Apple's still working on shoring up that security.