This week, Groton Pixel is advising clients to take note of an emerging threat to accounts on Apple’s iCloud, the virtual drive you may have gotten with your iPhone, iPad, iPod, or iTunes. Apple’s iCloud security is generally well-regarded, but is a popular target for hackers and has recently been subject to embarrassing breaches including the release of a nude photos stolen from a number of celebrity accounts.
The newest threat comes in the form of a tool called iDict, which supposedly allows hackers to use brute force attack to bypass Apple’s most effective security measures. A brute force attack uses an automated program like iDict to make a large number of wild guesses at a password until it stumbles upon the right one. It works because many people choose a password that’s easy to remember over one that’s hard to guess, and especially because we have some very common strategies for making things easy to remember.
- If your password is the word “Password” with a number appended to it, you may be vulnerable to a brute force attack.
- If your password includes a dictionary word, common name, nickname, pet name, or short phrase, you may be vulnerable to a brute force attack. And yes, the hackers are on to your trick of replacing S’s with 5, or a’s with @’s, or I’s with 1’s, and so on.
- If your password is some variation of a celebrity, literary character, or athlete’s name, you may be vulnerable to a brute force attack.
- If your password is a string of keystrokes in the order they appear on your keyboard, such as “Qwerty” or “!QAZ2wsx,” you may be vulnerable to a brute force attack.
The good news is that iDict’s brute force attacks can only break passwords included in the program’s dictionary, which are likely to be a finite list of the most commonly used passwords.
For this particular threat to this particular account, your best remedy is to immediately change your iCloud password if it falls into one of these easy-to-guess categories. And while you’re at it, do the same for all of your other accounts.
For optimal protection against brute force attacks, choose a longer password and mix upper case, lower case, numbers, and symbols.