A new tool submitted to GitHub (www.github.com), a web-based Git repository hosting service, claims to be able to perform password dictionary attacks on any iCloud account, seemingly evading the Apple rate limiting that is supposed to prevent such dictionary attacks, reports “9to5Mac” (http://tinyurl.com/pqj3qkf).
The source code for the tool has been released on GitHub. It tries every word in its 500-word list as the password for a given iCloud account email. This means that while it will succeed “100%” at making all 500 attempts, the tool is by no means guaranteed to crack your password, notes “9to5Mac.”
According to Apple: “iCloud secures your data by encrypting it when it’s sent over the Internet, storing it in an encrypted format when kept on server (review the table below for detail), and using secure tokens for authentication. This means that your data is protected from unauthorized access both while it is being transmitted to your devices and when it is stored in the cloud. iCloud uses a minimum of 128-bit AES encryption—the same level of security employed by major financial institutions—and never provides encryption keys to any third parties.”