Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.


Easy passwords key to celeb iCloud hacking

04 September 2014, 12:56

Paris -Cyber-security expert Gerome Billois explains how a "targeted attack" on some iCloud accounts -- the Apple online service that stores all types of content -- led to the release of nude celebrity photos.

How were these accounts hacked?

"Last weekend someone posted a message on the site GitHub revealing a security flaw in the iCloud "Find My iphone" function that allows people to locate a missing smartphone. On the part of the service intended for developers, but accessible to anyone online, Apple had not locked the interface where you have to enter the password for the iCloud account. The number of attempts was not limited, whereas the portal used by the general public normally locks after five failed attempts. At the same time, the hacker posted software which automatically tests for possible passwords, a tool called @Brute force, which it had renamed iBrute. And it explained how to use it very simply. Anyone could then hack the iCloud accounts of celebrities and access their content, including photos from their phones."

Also Read: How to protect your data in the cloud

How can such attacks be prevented?

"One can now store all sorts of information in the cloud. iCloud is the service from Apple where one can have access to all one's information from any appliance. For example, if you change telephone you can find and reload all your data -- emails, photos et cetera. From a functional point of view it's great. But the key to all these services is the password, which is often weak and the same one used for various services. It's because of this that we will ask you to use long passwords or passwords with numbers. It is even better to use passwords with two elements. For example, you may also be asked for a code sent by text message to your phone, as certain banks do. As for secret questions (which can replace a password) on the one hand you have to trust people who might know the answers and secondly, if you're a celebrity, it will be easy for someone to find out your place and date of birth or the answers to other common 'secret' questions."

Also Read: Celebrity hacking clouds Apple's upcoming product launch

How frequent are such security lapses?

"The ethics code followed by computer security experts means that they reveal flaws only after they have been corrected. However, whoever discovered this one did not inform Apple and what's more he or she provided an attack tool. They even put out the list of the most common 500 passwords. Apple corrected the problem but it needed time to react, which is normal because you need at least 24 hours to check if vulnerabilities exist."

Gerome Billois is a cyber-security expert at management and IT consultants Solucom.



Read News24’s Comments Policy

Comment on this story
Comments have been closed for this article.

Read more from our Users

Submitted by
Victor Tinto
Man who attacked US Embassy a 24 ...

A man who attacked the US Embassy in Nairobi was a 24 year old from Wajir County. Read more...

Submitted by
Victor Tinto
US Embassy to remain closed Frida...

The US Embassy in Nairobi will remain closed Friday following a terror attack on it Thursday. Read more...

Submitted by
Victor Tinto
Leave ODM if you are unhappy, Rai...

Leave ODM if you are not happy, Raila Odinga tells Senator. Read more...

Submitted by
Victor Tinto
Former Assistant Minister joins J...

A former Assistant Minister has quit PNU and joined the Jubilee Party. Read more...

Submitted by
Victor Tinto
DP Ruto intervenes as Kerio Valle...

DP William Ruto will visit Kerio Valley to try solve never-ending clashes between local residents. Read more...

Submitted by
Wilson Ochieng
ODM MP chased down by angry Kibra...

Kibra MP Ken Okoth had a hard time in his constituency after angry youth pelted him with stones. Read more...