"iBrute" questions iCloud Security

Even Apple a heretofore breech-less vendor has recently been found responsible for a security breach. It appears that on Sunday August 31, 2014 a number of photos were taken from Apple iCloud.  The vulnerability created the exposure known as “iBrute” and allowed access to the compromising photos, rather than locking the iCloud entry way after numerous attempts left it open.
The vulnerability has been closed by Apple which after five missed attempts has now locked the entry way preventing any further attempts.
There apparently is a python based script, (which was available at GitHub) allowed the would-be attacker  to brute force their way into the “Find My iPhone” service.  The Find My iPhone” service did not lock the gateway after repeated attempts to guess the users password.
The vulnerability allegedly discovered in the Find My iPhone service appears to have let attackers use this method to guess passwords repeatedly without any sort of lockout or alert to the target. Once the password had been matched, the attacker can then use it to access other iCloud functions freely.
Although the Apple breach is the most recent Cloud breach, there have been many others. In April 2011 E-mail services firm Epsilon had a cloud based breach which cost them up to $225 million in total costs as a result of its data breach, a massive event that indicated the often overlooked risk of cloud-based computing systems. In early April Epsilon, the world’s largest permission-based email marketing services company that serves over 40 billion emails annually reported a breach in its security.
Also in 2011 Amazon experienced a disruption to its services to popular sites like Foursquare and Quora. It is another example of a cloud failure that could prove extremely costly in the long run – and a hint of more troubles on the horizon.
With the transition of more and more services to the cloud, it’s imperative that your company secure its cloud infrastructure. There is no one, “right” way to do so. Consult with business experts to ensure that your data is being secured and a sensitive breech like this does not happen to you.
The average cost to a company of a large scale security breech is $3.5 million. If your company is a mid-market size organization, this cost is enough to shut down operations completely. And more and more, hackers are targeting mid-market companies purely because they are aware of the lack of intense focus on cloud security.
Contact your IT experts before this cripples your business entirely. Anytime your company is handling sensitive personal data, whether it’s social security numbers or credit card numbers, it’s imperative that you have a safe security space. Because as you can see, if even the behemoth companies are susceptible, why would your company be any different?
If you have questions about your security infrastructure, contact wendy@txmq.com for a consultation. Your first conversation is a free discovery call to assess what your needs may be.
 
Image Provided by Flickr: dekuwa  https://www.flickr.com/photos/dekuwa/
Statistics provided by: Ponemon Institute