One could probably modify a much more sophisticated/fast brute-force software to attack iCloud, like hydra.
Given the deep pockets Apple has, I don't understand how something like this was even possible.
Still, I expected better from Apple. Props for the fast patch.
Here is another flaw in iPhone. If a person is casting their screen to an Apple TV and must enter their PIN number, the screen will highlight each button press on the TV. No fingers in the way to even block it. Simple solution: don't broadcast this or don't provide screen feedback for entering the PIN.
What do you guys think?
Addendum: the way it went down on 4chan points towards someone that is not an expert on extortions. You don't go to the public for some pocket change when you can have publications or the celebs paying you hundreds of thousands of dollars for those pictures.
Anyway, I hope the FBI gets this freak and puts him in the can for as long as they're able to.
If only people shared the same feelings about illegal mass surveillance and the lax security of the companies responsible for these breaches.
Though he's commented to Buzzfeed denying it was him (but anyone would).
@nikcub still thinks it's him
I absolutely refuse to do so, and therefore use only software that doesn't require it. I suspect I'm not entirely alone out here on the sidelines...
Delayed disclosure is a nicety, not something you are obligated to do.
By going loud and public, you ensure that the company has to do something to save face. It can't just be forgotten on some manager's desk.
And the fact is, you, as part of the public, would only know about the times when somebody goes loud about an exploit. For all you know, there might have been hundreds upon hundreds of times when security researchers have gone to the company and been outright ignored, and when one finally goes loud with what he has found, you say "He really should have done this more quietly, it would have been much more responsible."
The leakers themselves claim it was from iCloud (the actual leaker only bought it online from various hackers though, again according to him).
He claims the hackers got them from iCloud hacks, and other more social engineering hacks.
So unless those are all well secured (and they may be, no clue) then moving to Android is no magical fix.
A better way of doing things is making it more clear to people what they are and aren't backing up. I'm sure for the majority of people backing up nudes is unintentional.
That's the reason why I will never trust the cloud for personal stuff (for non-critical professional stuff is ok)... I'd only be willing to test MaidSafe, after they reach a stable release...
I'm no fan of Apple Maps. I pretty much only use it when I have to (e.g. because Find My Friends uses it) or to make fun of it. But there are a ton of people who don't care and just use the default. Even among my tech-savvy programmer friends it's common.
You sure Apple won't also get rid of TouchID as well?