Apple Inc. (NASDAQ:AAPL) announced that it is probing into the iCloud hacking incident and the susceptibility of the app after reports of iCloud being used to break into the accounts of celebrities and release nude photos publicly, says a report from The Wall Street Journal. Firsthand comments from the media show that an individual account on iCloud triggered the hack. Through iCloud, Apple users can store photos, music and other data online.
Hackers exploited a vulnerability
Nat Kerris, a spokeswoman for the Cupertino, Calif.-based Apple, said that the company gives highest importance to user privacy and is investigating the matter actively.
A user came across a bug in Apple Inc.’s Find My iPhone service, an app used for relocating a lost phone and deactivating it remotely if stolen, says a posting on online code-sharing site GitHub. The report said that the bug allowed the hacker to repeatedly punch in codes until the right one was identified. Usually the device is locked after typing in the wrong code for a set number of times to prevent a “brute-force” attack.
Rich Mogull, executive of security research and advisory firm Securosis, said it is likely that hackers took advantage of that vulnerability. Mogull said that as of now, nothing could be established with surety and added that there are possibilities that the hacker got in through individual accounts rather than breaking the Apple system. He said that hacking Apple’s entire iCloud system comes as a shock to him, if true.
Apple iCloud a comfort, but risky
Celebrities whose accounts were compromised include actress Jennifer Lawrence and model Kate Upton. Another actress, Mary E. Winstead, posted on Twitter that the hackers got their hands on photos she took with her husband last year in their home and was deleted. Actress and singer Victoria Justice alleged that the nude photos of her that were released in the hacking were fake.
In its statement, the FBI said it knows about the scandal of hacking the app for releasing material belonging to high-profile individuals. Clifford Neuman, director of the University of Southern California’s Center for Computer Systems Security, said that while it’s a comfort that data from personal devices is now saved over the cloud, it’s also a risk.