A smattering of leaked images of various celebrities in the nude hit the web over the weekend. Initial reports claim the hackers involved managed to infiltrate the iCloud accounts of several high-profile targets, perhaps using the method detailed below.
As Engadget points out, the potential exploit is centered around a project on Github called ibrute. Just one day before the images hit the web, ibrute developers said they’d found a bug in the Find My iPhone service in which the service doesn’t use brute force protection (meaning someone can continue to try different passwords until they get guess the correct one).
#hackapp @DefconRussia AppleID bruteforce tool via FindMyIphone bug. Doesn't lock AppleID. https://t.co/9dG3EjtrLS
— HackApp (@hackappcom) August 30, 2014
Once a hacker has control of the Apple ID of a celebrity, it probably wouldn’t be too difficult to search their inbox or address book for other famous faces (celebs like to mingle with other celebs). Breaking into the first account would have likely required the e-mail address of the initial target, but after that, it’s open season on other celebs.
The good news is that the same developer that spoke of the bug now claims it has been patched.
As always, keep in mind that this is mostly speculation at this time and should be taken with a grain of salt. Apple has yet to comment on the matter but all we know for certain is that we are dealing with a widespread hack involving dozens of celebrities’ private photos.
Update: Apple has confirmed they are currently looking into the potential security breach connected to the celebrity photo hack. “We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris.
Update #2: Apple issues statement on celeb photo hack, says iCloud / Find my iPhone not to blame.
https://www.techspot.com/news/57912-find-iphone-exploit-may-linked-massive-celebrity-photo-hack.html
