Did Apple Inc. Really Ignore the iCloud Brute-force Attack?

A researcher, Ibrahim Balic, now claims that he had discovered a flaw similar to the iBrute flaw that was the reason behind the celebrity photo leak scandal.

Ibrahim Balic, a security researcher, discovered six months ago a security flaw that allowed brute-force attacks on Apple Inc.’s (NASDAQ:AAPL) iCloud service and immediately reported it to the Apple product security team. He submitted screenshots of the entire conversation to The Daily Dot, which has made them public as proof of these allegations.

In response to Balic’s attempts, the engineers at Apple replied to him that they had scrutinized the information he provided and that it seemed it would take an unusually long time for someone to find a valid password for an account. They further asked Ibrahim how the flaw could be used. Ibrahim has not, however, specified what he replied when the engineers asked him this.

This dialogue between Ibrahim and the engineers at Apple Inc., some screenshots of which have been provided, lasted more than two months in total. During that time the situation must surely have been looked at from several different angles, and the engineers finally ended the dialogue by writing the issue off as non-urgent. It is also possible that Ibrahim felt enraged by Apple discrediting his claim to fame and moving on to what it considered more urgent things.

Ibrahim told Apple representatives that he was able to test around 20,000 dummy passwords against several accounts, and that he thought it wise to apply an account lockout policy to the accounts on iCloud. He also stated that the same issue was present in the Google accounts he had tested, and that he had notified Google of it as well. Google representatives have not yet been approached for comment on whether the issue Ibrahim reported to them was fixed or was just a false alarm.

But is the flaw reported by Ibrahim the same flaw that landed Apple in trouble with so many stars? That is what Ibrahim is claiming; however, official company spokespeople have yet to respond. Ibrahim says this bug went unresolved, but is he really sure? Did Apple engineers pick it up again and go on investigating the issue without keeping Ibrahim in the loop? If the bug that the iBrute tool used against Find My iPhone on iCloud is the same one, then Apple is surely in for a big lawsuit.

Apple, however, clearly stated in a press release that the Find My iPhone flaw had nothing to do with the iCloud scandal. It said that the iCloud hacking was an extremely targeted attempt which most probably involved years of research and social engineering against the targeted celebrities. However, this is contrary to popular belief, and rumor has it that Find My iPhone is clearly responsible for the celebrity iCloud hack. If you put two and two together, you can clearly arrive at the same conclusion, which Apple Inc. (NASDAQ:AAPL) is bent upon denying.