iCloud not responsible for celebrity nude photo leak, says Apple

Celebrities are often the unfortunate targets of all sorts of pranks and terrible occurrences, but the latest involving Apple’s iCloud has got some individuals struggling to understand what caused the recent hack attack.

According to claims from earlier this weekend, celebrity iCloud accounts were targeted by hackers, who were able to not only log in with emails, but, against expectation, were able to continue trying passwords until they typed the right one to gain access to iCloud. Experts say that a program called iBrute (uploaded to a stie called GitHub) allows one to perform a brute-force attack on a program such as iCloud where the system, instead of locking up to protect users, allows someone to enter passwords an unlimited number of times until an attacker gains entrance into the desired account.

The hackers managed to leak nude photos from celebrities such as Kate Upton, Jennifer Lawrence, Kim Kardashian, Selena Gomez, Rihanna, and Kirsten Dunst. After posting a few of the photos, the hackers decided to start charging to allow the nude sneek peaks to continue.

Twitter member HackApp tweeted on Sunday morning, “AppleID brute force tool via FindMyiPhone bug. Doesn’t lock AppleID.” HackApp, the owner of the iBrute program, made the announcement before the nude photos were leaked on the Web. So far, some have been verified to be accurate, while others appear to be fake – according to celebrities who’ve been contacted about the nude photo leak.

As of yesterday, Apple patched up the FindMyiPhone bug, but said today in a statement that its own investigation determined that FindMyiPhone and iCloud are not responsible for the brute force attack: “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or FindMyiPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

While Apple says that it is not responsible, celebrities are concerned. According to some private interviews with celebrities, some of the photos that have been uncovered stem from past photos that they’d deleted from their iPhones. As most analysts know, deleting photos from one’s iPhone does not delete them from iCloud or Photo Stream. Photos that appear in both iCloud and Photo Stream have to be deleted manually in order for those photos to disappear. Seeing old deleted photos reappear across the Web is a sign that, whatever happened, celebrity accounts were hacked. And, if those users were iCloud users, then the most likely explanation is that AppleID and iCloud are to blame.

Tags

About the author

Nitin Agarwal

Nitin has a background in Electrical Engineering and is passionate about the Internet of Things. He covers how connected devices like smart homes, wearables, and industrial IoT are changing our daily lives. Nitin is also a DIY enthusiast and loves to build IoT gadgets.