Security specialists are raising concerns that a larger number of celebrity iCloud accounts may have been compromised, following the analysis of data from images stolen from celebrities such as Jennifer Lawrence and Kate Upton.
One prominent theory suggests that several of the photographs had been gathered by one hacker over a prolonged period, and later accessed by another hacker who managed to break into the first hacker’s machine. The oldest leaked photo dated back to December 2011, whereas the most recent one was traced back to 14 August.
Some highlighted the discovery of a Dropbox tutorial file in a compromised account which suggests that the third-party cloud storage service could have been a source of some images.
Additionally, an exploit against Apple’s Find My iPhone service was posted on GitHub three days ago. The exploit used a “brute-force” attack to determine a password, suggesting that weaknesses in Apple’s service could have been exploited by attackers who had the email address of a celebrity or their manager.
The original hack seems to have been performed by “chaining” between accounts: once a hacker gained access to one account, they could use its contact list to attempt attacks on other accounts.
An investigation into the EXIF data of some of the photos posted online was started by InfoSec Taylor Swift, a Twitter account that was originally created as a witty fusion of the country singer and security reflections. EXIF data can reveal additional information about a photograph, such as when and where it was taken, and the device used.
The Twitter user Swift posted the EXIF data from the alleged Kate Upton pictures onto the code-pasting site Pastebin, discovering that the photos appeared to have originated from her boyfriend’s device, not Upton’s own.
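EXIF data travels inside the image file itself, in a JPEG APP1 segment, which is why it survives copying and uploading. The following is an added example, not part of the original article: a Python sketch that detects and removes that segment before a photo is shared. The sample bytes are constructed for illustration (structurally valid, not a viewable image), and all function names are hypothetical.

```python
import struct

EXIF_MARKER, SOS_MARKER = 0xE1, 0xDA

def split_segments(jpeg: bytes):
    """Yield (marker, raw_bytes) for each header segment; the last item is
    the SOS marker plus all compressed image data after it."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS_MARKER:           # image data follows: copy verbatim
            yield marker, jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated or malformed segment")
        yield marker, jpeg[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no SOS marker found")

def is_exif(marker: int, raw: bytes) -> bool:
    # APP1 is shared with XMP, so check the "Exif\0\0" identifier as well.
    return marker == EXIF_MARKER and raw[4:10] == b"Exif\x00\x00"

def has_exif(jpeg: bytes) -> bool:
    return any(is_exif(m, raw) for m, raw in split_segments(jpeg))

def strip_exif(jpeg: bytes) -> bytes:
    """Return the JPEG with every Exif segment removed, pixels untouched."""
    kept = [raw for m, raw in split_segments(jpeg) if not is_exif(m, raw)]
    return b"\xff\xd8" + b"".join(kept)

def segment(marker: int, payload: bytes) -> bytes:
    # Helper for building the constructed sample below.
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: SOI, JFIF header, fake Exif block, table, scan, EOI.
SAMPLE = (b"\xff\xd8"
          + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + segment(0xE1, b"Exif\x00\x00" + b"constructed-tiff-payload")
          + segment(0xDB, bytes(65))
          + b"\xff\xda\x00\x02\x12\x34\xff\xd9")

if __name__ == "__main__":
    clean = strip_exif(SAMPLE)
    print(has_exif(SAMPLE), has_exif(clean), len(SAMPLE) - len(clean))
```

This removes only the Exif segment; other metadata containers such as XMP are left in place and would need the same treatment.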
Apple has not yet released a statement clarifying how many iCloud accounts were compromised. However, the company has been heavily criticised for the lack of protection against “brute-force” attacks which could disclose a password.
Others have proposed that some photos were accessed by staff with the ability to access iCloud backups. Apple, however, claims in its support documents that iCloud backups are encrypted to protect against unauthorized access to the data.
Dan Kaminsky, chief scientist at whiteops.com, commented that it is likely someone had initially hacked desktops, and another individual hacked into the hacker’s system.
There is ongoing confusion over the implications of the hack, with Swift alerting users that this is only the beginning and many celebrities may yet be affected.
source: Charles Arthur/The Guardian