Posted on Monday, September 01 2014 @ 14:15 CEST by Thomas De MaesschalckA hack of Apple's iCloud service is rumored to be the culprit of the largest celebrity hacking to date. Apple hasn't confirmed anything yet but Engadget believes a 'Find My iPhone' exploit could be to blame for this sad invasion of privacy:
The potential exploit relates to a project on the code hosting site Github called, imaginatively, ibrute. Just a day before the images leaked, the developers of ibrute announced a bug in the Find My iPhone service means it doesn't employ bruteforce protection (i.e. an attack can continue using different passwords until the right one if found). The implication is that this could give access to AppleIDs, and from there any number of avenues to compromise accounts become significantly more viable. It's certainly not the first intrusion issue with the service we've seen. If this was the tool used, the hackers would have needed email addresses of celebrities. But, it's possible that only one address is needed, allowing to search inboxes for those of others in a domino effect.The exploit has reportedly been patched but the amount of damage done in such a short time speaks volume about the potential danger of using the cloud to store sensitive data.
Perhaps even more worrisome is that at least some of the stolen photos were reportedly deleted a long time ago. Actress Mary Elizabeth Winstead confirmed the authenticity of the photos on her Twitter and claims the leaked photos of her were images she shared in a private moment with her husband several years ago. Winstead claims she deleted the images from her smartphone yet the hacker was able to recover them anyway, raising questions whether or not deleted iCloud data is ever truly deleted.
Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked.
— Mary E. Winstead (@M_E_Winstead) August 31, 2014