This simple hacking tool reminds us how important secure passwords are
Internet companies and security groups would be hard pressed to make people more aware of how dangerous it is to use easy-to-guess passwords such as “12345678” or “password,” and yet numerous people still do this. The “it won’t happen to me” mentality is probably the biggest reason for this, but a new tool that a hacker by the name of Pr0x13 has uploaded to GitHub could give these people a harsh lesson in online security.
Pr0x13 claims that this new hacking tool, known as iDict, is capable of bypassing Apple’s two-factor authentication and can guess your iCloud password through sheer brute force. iDict relies on a list of around 500 commonly used passwords to make its guesses. This is actually good news, because it means that using a unique, hard-to-guess password should protect you from this hacking tool.
Even better news is that Apple was quickly able to patch the iCloud vulnerability that let iDict retry passwords as many times as it pleased without being automatically locked out by account security features. Unfortunately, the vulnerability remained open for a brief period while Apple worked out how to fix it, which means there’s a good chance that some accounts were successfully hacked in the meantime.
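The lockout behaviour described above, as an added example (not code from Apple or from iDict): a per-account failure counter that is checked before the password is verified, replayed against a guess list with and without the limit. The class and function names, the five-failure threshold, the 15-minute window and the guess list are assumptions constructed for illustration.

```python
import hashlib, hmac, os

class ThrottledLogin:
    """Per-account failure counter with a timed lockout (illustrative)."""
    def __init__(self, max_failures=5, lockout_seconds=900):
        self.max_failures = max_failures      # None disables the lockout
        self.lockout_seconds = lockout_seconds
        self.accounts = {}                    # name -> (salt, derived key)
        self.failures = {}                    # name -> (count, time of last failure)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, name, password):
        salt = os.urandom(16)
        self.accounts[name] = (salt, self._derive(password, salt))

    def login(self, name, password, now):
        count, last = self.failures.get(name, (0, 0.0))
        if self.max_failures is not None and count >= self.max_failures:
            if now - last < self.lockout_seconds:
                return "locked"               # rejected before the password is checked
            count = 0                         # lockout window has expired
        record = self.accounts.get(name)
        if record and hmac.compare_digest(self._derive(password, record[0]), record[1]):
            self.failures.pop(name, None)     # success clears the counter
            return "ok"
        self.failures[name] = (count + 1, now)
        return "bad"

def dictionary_run(service, name, guesses, start=0.0):
    """Replay a guess list one second apart; return (passwords checked, outcome)."""
    checked = 0
    for i, guess in enumerate(guesses):
        result = service.login(name, guess, now=start + i)
        if result == "locked":
            return checked, "locked"
        checked += 1
        if result == "ok":
            return checked, "ok"
    return checked, "exhausted"

# Constructed stand-in for a list of about 500 common passwords.
GUESSES = [f"guess{i:03d}" for i in range(500)]
GUESSES[20] = "password"
```

The counter is keyed on the account rather than on the client, so it only helps if every login path consults the same counter.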
The hacker responsible for creating this tool actually had honorable intentions in releasing it, stating that the vulnerability on Apple’s end was painfully obvious to anyone who bothered to look, and that they hoped releasing iDict would prompt the company to patch it and help raise awareness of how important it is to maintain secure accounts online.
I’m sure many of you recall the massive iCloud data breach last year that saw the nude photographs of hundreds of celebrities leaked online. The hackers responsible for that infamous event in Internet history used a trick very similar to iDict’s, allowing them to bypass Apple’s security-question system. While it falls on Apple to ensure that these kinds of vulnerabilities are discovered and fixed as soon as possible, it’s the responsibility of users to make use of the security tools at their disposal to protect their information online, from using two-factor authentication to just coming up with a secure password.