Hackers released 'iDict' tool for hacking your Apple iCloud account - make sure your password is not on the list

Published: Sat, 03 Jan 2015 by Rad

Hackers have released 'iDict', a tool for hacking Apple iCloud accounts; make sure your password is not on the list. The tool, according to the hacker, has been released to force Apple to act on the issue and nothing else. The company needs to fix the "painfully obvious" vulnerability before it's "privately used for malicious or nefarious activities," Pr0x13 explains on GitHub.

The tool, dubbed iDict, makes use of an exploit in Apple's iCloud security infrastructure to bypass the restrictions and two-factor authentication security that are meant to prevent brute force attacks and keep most hackers from gaining access to users' iCloud accounts.

Pr0x13 claims iDict is a "100 percent" effective and simple-to-use method of cracking individual iCloud account login credentials. So, those using easy-to-guess passwords on their iCloud account are in more danger than those using a complex one.

Weak password - Ignoring warnings

Despite countless warnings and advice in the past, online users continue to use weak passwords such as "password," "12345678," "qwerty," "abc123," and "iloveyou", assuming that they could never be the target of a hack. Now they need to worry about it.

iDict, currently hosted on GitHub, is limited by the size of the dictionary the tool uses to guess the password. At the time of writing, the dictionary file contains only a 500-word list of passwords. This means that while it will succeed "100%" at trying those 500 guesses, the tool is by no means guaranteed to crack your password. But if your password is on that 500-word list, your iCloud account really is at risk.
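A dictionary attack of this kind has a recognisable footprint on the server side: a burst of failed logins against one account from one source, sometimes followed by a success. The detection logic below is an added example for this article, not code from iDict, Apple or the page's author. The log format (timestamp, account, source IP, result), the sample lines, and the threshold of five failures within one minute are all constructed assumptions.

```python
"""Flag dictionary-attack bursts in authentication logs.

Added example for illustration. The log format, the sample lines and the
thresholds are assumptions made here, not Apple's or iDict's.
Each log line: <ISO timestamp> <account> <source IP> <FAIL|OK>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): alice is hit by a short
# burst of guesses that ends in a successful login; bob mistypes once.
SAMPLE_LOG = """\
2015-01-03T10:00:00 alice@example.com 203.0.113.7 FAIL
2015-01-03T10:00:01 alice@example.com 203.0.113.7 FAIL
2015-01-03T10:00:02 alice@example.com 203.0.113.7 FAIL
2015-01-03T10:00:03 alice@example.com 203.0.113.7 FAIL
2015-01-03T10:00:04 alice@example.com 203.0.113.7 FAIL
2015-01-03T10:00:05 alice@example.com 203.0.113.7 FAIL
2015-01-03T10:00:06 alice@example.com 203.0.113.7 OK
2015-01-03T10:05:00 bob@example.com 198.51.100.4 FAIL
2015-01-03T10:20:00 bob@example.com 198.51.100.4 OK
"""


def parse_line(line):
    """Split one log line into (timestamp, account, source_ip, result)."""
    ts, account, ip, result = line.split()
    return datetime.fromisoformat(ts), account, ip, result


def find_bursts(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {account: alert} for every account that accumulates at least
    `threshold` failed logins inside a sliding `window`.

    Each alert records when the burst started, how many failures it reached,
    the source IP of the attempt that triggered it, and whether a successful
    login followed while the burst was still inside the window (the signal a
    defender cares about most: the guess may have landed).
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e[0])

    recent_failures = defaultdict(deque)  # account -> timestamps in window
    alerts = {}
    for ts, account, ip, result in events:
        q = recent_failures[account]
        # Drop failures that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold:
                alert = alerts.setdefault(account, {
                    "first_seen": q[0],
                    "failures": 0,
                    "source": ip,
                    "success_after": False,
                })
                alert["failures"] = max(alert["failures"], len(q))
        elif result == "OK" and account in alerts and q:
            # A success while the burst is still live: treat as a likely hit.
            alerts[account]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for account, alert in find_bursts(SAMPLE_LOG).items():
        print(account, alert)
```

With the constructed sample, only alice's account is flagged (six failures in a minute, then a success); bob's single failure stays below the threshold. In a real deployment the same sliding-window count is what the server-side throttling this article says iDict bypasses would act on, so it doubles as a check that the throttling is actually engaging.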

"So far, we haven't heard about any fallout from the release of the exploit, but users on Twitter and online discussion forum Reddit are saying that iDict is working as intended."

http://thehackernews.com/2015/01/iDict-icloud-password-hacking-tool.html

Limited capabilities

iDict's capabilities are limited by the size of the dictionary it uses to guess your password. So you're really only in danger if your password is on the 500-word-long list included with the hacker tool. All of the passwords fulfill the requirements for an iCloud password, but if you're using one of these rather obvious passwords, you should change your password anyway. Here are some examples:

  • Blink182
  • ILoveYou2
  • Pa55word
  • P@ssw0rd
  • iloveyou
  • trustno1

Get better password now

Passwords provide the first line of defense against unauthorized access to your computer. The stronger your password, the more protected your computer will be from hackers and malicious software.

You should make sure you have strong passwords for all accounts on your computer. If you're using a corporate network, your network administrator might require you to use a strong password.

Anybody can create a strong password using online tools. Even if you do not want to use the Internet, you can follow these tips for creating a strong password. A strong password:

  • Is at least twelve characters long.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete word.
  • Is significantly different from previous passwords.
  • Contains a combination of character types: uppercase letters, lowercase letters, symbols (e.g. ~ ! @ # $ % ^ & * | : /), and numbers.
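The tips above and the earlier advice to check whether your password is on the tool's list can be turned into a single local check. The script below is an added example, not code from the article's author or from any password tool; it runs offline. The sample wordlist is constructed from the six example passwords quoted earlier (a real check would load the full 500-entry file), the short list of "complete words" and the similarity threshold of four edits are assumptions made here, and the character-type rule is applied literally, requiring all four types named in the tip.

```python
"""Check a candidate password against the tips above and a sample wordlist.

Added example. SAMPLE_WORDLIST is constructed from the six passwords quoted
in the article; COMMON_WORDS and the MIN_EDIT_DISTANCE threshold are
assumptions for illustration, not values from any published policy.
"""
import string

# Constructed sample of the kind of list a dictionary tool ships.
SAMPLE_WORDLIST = {"Blink182", "ILoveYou2", "Pa55word", "P@ssw0rd",
                   "iloveyou", "trustno1"}
# Assumed stand-in for a full dictionary when testing "contains a complete word".
COMMON_WORDS = {"password", "love", "welcome", "dragon", "monkey", "summer"}
MIN_LENGTH = 12                 # from the tip: at least twelve characters
MIN_EDIT_DISTANCE = 4           # assumption: "significantly different"
SYMBOLS = set("~!@#$%^&*|:/") | set(string.punctuation)


def levenshtein(a, b):
    """Edit distance between two strings (used for the 'different from
    previous password' rule)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_password(password, username="", real_name="", company="",
                   previous=""):
    """Return a list of rule names the password violates (empty if it passes).

    Rules follow the tips in the article: not on a known wordlist, length,
    no user/real/company name, no complete word, different from the previous
    password, and all four character types present.
    """
    problems = []
    lower = password.lower()
    known = {w.lower() for w in SAMPLE_WORDLIST}
    if lower in known:
        problems.append("on_known_wordlist")
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    for label, value in (("username", username), ("real_name", real_name),
                         ("company", company)):
        # Any word of the name appearing inside the password fails the rule.
        if any(part and part in lower for part in value.lower().split()):
            problems.append(f"contains_{label}")
    if any(word in lower for word in COMMON_WORDS):
        problems.append("contains_complete_word")
    if previous and levenshtein(lower, previous.lower()) < MIN_EDIT_DISTANCE:
        problems.append("too_similar_to_previous")
    types_present = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in SYMBOLS for c in password),
    )
    if not all(types_present):
        problems.append("missing_character_type")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Blink182", "Tr4v3l-qu1Lt#9"):
        print(candidate, check_password(candidate, real_name="Alice Blink"))
```

Note what the check shows for "P@ssw0rd": it contains all four character types and looks "complex" by the usual rule of thumb, yet it is on the list and far too short. That is exactly why the wordlist membership test is the first rule and the character-type test only the last.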

Online secure, random password generators

Action needed by Apple

Apple needs to act fast on the issue to avoid another controversy like the celebrities' nude photo scandal of 2014, in which a brute force attack gave hackers access to countless personal and nude photographs of a number of high-profile celebrities.

But you can't rely fully on the company for your online security. As a precaution, first make sure that your password does not appear in Pr0x13's password file, and if it does, change it immediately. Also change your password if it is a weak one! Moreover, enable two-factor authentication on all your accounts, if you haven't already.
