The celebrity nude ‘hack’ back in 2014 focused attention on the risks involved in having intimate photographs stored on your phone – and especially on cloud servers like iCloud. While our suspicions were correct that it wasn’t a hack at all, it did illustrate that poor security can put photos at risk.
A new app aims to automatically scan your iPhone for nudes, moving them to a protected vault in the app and then deleting them from both the camera roll and iCloud …
Jennifer Lawrence was one of the victims of the celebrity phishing attack
The hacker who gained access to numerous celebrity iCloud accounts in order to obtain nude photos has been sentenced to 18 months in prison in a plea bargain deal.
When the celebrity nudes story broke back in 2014, it was headline news in the mainstream media. The story was that ‘iCloud had been hacked.’ The truth, of course, was a little different. As we suspected at the time, and Apple later confirmed, the ‘hack’ wasn’t really any such thing. A combination of two techniques were used to gain access to the iCloud accounts.
First, phishing: sending emails designed to look like they were from Apple asking the celebrities to login to their accounts, and directing them to a fake website made to look like the real thing. Second, guessing the answers to security questions – something easier to do with celebrities given the amount of biographical information available in the public domain.
That’s not to say Apple was entirely blameless. iCloud did not, at the time, offer two-factor authentication. Given that an iCloud backup is a near-complete copy of all the data stored on an iPhone, that was something which should have been included from the start. But the bottom-line is that iCloud itself wasn’t really hacked in any meaningful sense of the word.
It was this week confirmed that phishing was the approach taken by the main offender in this case. In other words, nothing whatsoever to do with iCloud security. This news hasn’t resulted in a single headline in the mainstream media. The average non-tech person out there still believes ‘iCloud was hacked’ …
Grant showed that two-factor authentication isn’t needed when using an unknown Mac to login to iMessage, iTunes, FaceTime, the App Store or Apple’s website. According to Grant, only one of the five services sent an email notification advising that an unknown device was used to log in … Expand Expanding Close
The software developer credited by Apple for discovering last year’s developer center flaw says that he informed Apple of an iCloud weakness that may have been used to obtain celebrity nudes more than six months before the photos were accessed.
The Daily Dot reports that Ibrahim Balic advised Apple in March of a Find My Phone weakness that would allow brute-force attacks on iCloud accounts. It has been suggested that this may have been one of the methods used to access the accounts – or even complete iPhone backups – of celebrities … Expand Expanding Close
Politico reports that Apple briefed a Congressional committee on the security and privacy of its products following concerns raised by the celebrity nudes story.
A week after Apple rolled out new products that track users’ health and fitness, the company dispatched its executives to Capitol Hill to address emerging privacy and security concerns […]
Bud Tribble, the company’s chief technology officer, and Afshad Mistri, its health product manager, briefed the powerful House Energy and Commerce Committee, according to three congressional sources.
Apple is clearly focusing on communicating its commitment to securing user data. Tim Cook yesterday published a letter on the company’s website addressing the issue. Apple also added a new webpage specifically focusing on the security credentials of iOS, OS X and its cloud services.
While it now appears clear that the methods used to obtain celebrity nudes from iCloud were a combination of phishing and weak security questions rather than any fundamental weakness in the service itself, Apple will be keenly aware that perceptions matter as much as, if not more than, facts.
A YouGov survey of more than 1,000 American consumers commissioned by security company Tresorit found that just over a third of them have taken steps to beef-up their online security in response to the iCloud hacks.
The most common response was to change passwords for stronger ones, with 13 percent creating different passwords for each online service and 6 percent enabling two-step verification … Expand Expanding Close
A forensics consult and security researcher who analyzed metadata from leaked photos of Kate Upton said that the photos appear to have been obtained using software intended for use by law enforcement officials, reports Wired. The software, Elcomsoft Phone Password Breaker (EPPB), allows users to download a complete backup of all data on an iPhone once the iCloud ID and password have been obtained.
If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages …
The FBI is now leading the investigation into the alleged iCloud hack in which nude photographs of a number of celebrities were obtained, reports the Telegraph. FBI spokesperson Laura Eimiller said:
[The FBI is] aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter. Any further comment would be inappropriate at this time.
It has been suggested that a vulnerability in the Find My Phone service may have allowed attackers to brute-force passwords in order to access the iCloud accounts of celebrities … Expand Expanding Close
Manage push notifications
We would like to show you notifications for the latest news and updates.
Please wait...processing
We would like to show you notifications for the latest news and updates.
