At present time there is a real need to protect iCloud password from different hacking tools like iDict. This tool use brute-force techniques in order to success the iCloud account. The users with weak
password become first to be hacked. Although, according to latest reports, the exploits were patched by Apple within a few days.
The developer launched the code and did not provide details in advance to Apple, which is unusual. The standard practice says that in order to give a company time to patch the vulnerability, you need to disclose this information privately.
iDict counted on exactly what the creator stated was obviously a “painfully obvious” problem with exactly how Apple managed repeated password failures through a particular URL. This type of problem is the same as reports that turned out after
last summer’s iCloud hack, which involved a variety of unthrottled password efforts towards iCloud and attempts to response security questions determined by celebrities’ biographies and other options. It was not also a secondary authentication bypass. It was a way for hacker to avoid answering security questions. As for now the
iDict developer page is closed, and the tool is patched by Apple.
Let's learn the anatomy of an hack tool attack and how protect iCloud account.
iDict and similar remote brute-force attacks rely on three elements: a way to perform excessive tests of passwords for an individual account; a way to
bypass an account protection and a weak password.
The users with the strong password that are used only to current account should not worry about
brute force attacks. If you pick a weak password, brute force method allow attacker to capture, encrypt passwords and test it with home-computer equipment against billions of passwords only per second. In this case, finding one password match helps the attacker to find all accounts that use the same password. So in order to protect personal iCloud documents you need to create strong password with 15 to 20 characters or mix of letters, numbers, and punctuation.
iDict came with a list of a few hundred default passwords that meet Apple’s minimum requirements for an Apple ID. These could be added to any person that use the code. Making these short lists even more dangerous, it’s possible for hackers to chain attacks.
Two-step verification is real way to protect iCloud password against attacks. If you’re using any password on about list, or anything similar, you need to change it immediately. Or better please enable two-step verification. The other two elements required for an iDict attack to work. Although this process again is under the control of Apple. The company should pay a real attention on its problem.