By now you've heard about the massive cache of nude photos that internet scumbags stole from a number of female celebrities. Now, researchers are learning more about how the perv-hackers may have done it: using a password-cracking software designed for police, but available online to anyone who seeks it.
Over at Wired, Andy Greenberg explains the full story behind Elcomsoft Phone Password Breaker, or EPPB. The Russian-built software makes it possible to download the entire contents of an iCloud account—not just the photos stored to an iCloud account, but a full backup of the entire device.
The method is astoundingly simple: First, hackers use iBrute, an iCloud password-cracking software released over the weekend and still readily available to those who seek it, to get a user's login and password. Once the attacker is logged in to an iCloud account, EPPB convinces iCloud that the device the hacker is using is the victim's iPhone, allowing the hacker to download a full system backup. Just check out Elcomsoft's description of the software's capabilities:
Now your investigation has access to all the secrets stored in iOS, including such highly sensitive data as contacts, call logs, emails, location history, WiFi usernames and passwords, websites, social networking accounts, instant messengers, and more. You can also make a full copy of the device and analyze it in specialized third party software. Getting evidence is easy with the Elcomsoft iOS toolkit.
EPPB was designed, ostensibly, for government agencies. But over at Wired, Greenberg waded into Anon-IB, an anonymous forum where scumbags trade nude photos stolen using EPPB. The software maker doesn't require any form of government credentials to download, and even if the $400 price tag throws some hackers off, bootleg copies are widely available.
Apple maintains that the this weekend's celebrity nude theft was a targeted attack, rather than an exploitation of security shortcomings in iCloud. But just yesterday, Apple released an update to Find My iPhone purported to fix the flaws that allowed iBrute to work—though as Greenberg mentions, Anon-IB chatter suggests that the fix hasn't fully stopped the dirtbags yet. Security researcher Jonathan Zdziarski analyzed the metadata included in one of the leaked photos, and told Wired it's consistent with the use of iBrute and EPPB. What's more, that means the thieves who stole the photos could be in possession of even more info than previously thought.
It's frightening enough to think that law enforcement agencies can pry open your locked data without you knowing it. The fact that anyone with the requisite savvy can use those exact same tools is just astounding. [Wired]
Image: Screenshot from YouTube