(AP/Mark Lennihan)

Report: Apple was told of holes in iCloud security six months ago

However, there is no clear connection between the holes and the hacking of celebrity nude photos


Sarah Gray
September 24, 2014 9:36PM (UTC)

A report published on Wednesday by the Daily Dot reveals that Apple was told about a security flaw in iCloud back in March of 2014.

The Daily Dot obtained leaked emails between Apple and Ibrahim Balic, a software developer based in London, showing that Balic found and reported a security hole in iCloud. The Daily Dot reports that a team of security experts reviewed the emails.

Advertisement:

The security of Apple's iCloud came under fire after celebrity nude photos were hacked and disseminated, apparently from users' iCloud accounts. However, it is still unclear if this security flaw played a part in the "celebgate" nude photo hack. As of now, no clear lines can be drawn.

The emails to and from Balic can be found here. From the Daily Dot:

"In a March 26 email, Balic tells an Apple official that he’s successfully bypassed a security feature designed to prevent “brute-force” attacks—a method used by hackers to crack passwords by exhaustively trying thousands of key combinations. Typically, this kind of attack is defeated by limiting the number of times users can try to log in.

Balic goes on to explain to Apple that he was able to try over 20,000 passwords combinations on any account. 'I would like to inform you for it to be fix,' he wrote."

The Daily Dot reports that Balic contacted Apple multiple times. Balic, according to the emails, also found issues with Google security.

There was a security vulnerability posted on GitHub, the Next Web reported. It was eventually patched. This vulnerability, which was apparently through Find My iPhone, allowed hackers to try passwords without getting locked out of an account, or alerting the user.

Apple, on Sept. 2, reported that after an over 40-hour investigation, its team did not find a breach in security. Apple described the hacking as a "targeted attack" and recommended that users activate two-step verification. Tim Cook, Apple's CEO, also stated that the company would ramp up emails and push notifications to customers about passwords, and better educate users on security.

Advertisement:

“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Tim Cook stated earlier this month to the Wall Street Journal. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”

Salon has reached out to Apple for comment, and will update accordingly.


Sarah Gray

Sarah Gray is an assistant editor at Salon, focusing on innovation. Follow @sarahhhgray or email sgray@salon.com.

MORE FROM Sarah Gray

Related Topics ------------------------------------------

Apple Celebgate Hacking Icloud Security Technology

BROWSE SALON.COM
COMPLETELY AD FREE,
FOR THE NEXT HOUR

Read Now, Pay Later - no upfront
registration for 1-Hour Access

Click Here
7-Day Access and Monthly
Subscriptions also available
No tracking or personal data collection
beyond name and email address

•••






Fearless journalism
in your inbox every day

Sign up for our free newsletter

• • •