Developer reported iCloud brute-force password hack to Apple nearly six months ago

Shawn Knight

TechSpot Staff
The iCloud security incident that made headlines early this month could possibly have been prevented. That's because London-based software developer Ibrahim Balic claims to have reported a brute-force iCloud password attack to the Cupertino-based company nearly six months ago.

Oh look! They're protecting iCloud accounts now with their imaginations and innovations as well.


Apple should also do something about the big vulnerability that their Touch ID brings: Biometrics operated with a password in the OR/disjunction way offer lower security than when only the password is used.

Biometrics can theoretically be operated together with passwords in two ways, (1) by AND/conjunction or (2) by OR/disjunction. I would appreciate hearing if someone knows of a biometric product operated by (1). The users of such products must have been notified that, when falsely rejected with the devices finally locked, they would have to see the device reset.

Touch ID and other biometric products are operated by (2) so that users can unlock the devices by passwords when falsely rejected, which means that the overall vulnerability of the product is the sum of the vulnerability of biometrics and that of a password. It is necessarily larger than the vulnerability of a password, say, the devices with Touch ID and other biometric sensors are less secure than the devices protected only by a password.