While Apple has said that most users need not be concerned about their iCloud accounts in light of the recent theft of celebrities’ nude photos, the tool that might have been used to retrieve the images could be one meant for law enforcement use only.
According to Wired, hackers on an online forum known for its stolen nudes were discussing how the photos could have been taken. On Anon-IB, users discussed Elcomsoft Phone Password Breaker, software designed for forensic professionals to access backups on devices that are password protected. The company’s website describes how Apple’s iCloud can be used to retrieve data from these devices.
“The Forensic edition of Phone Password Breaker enables over-the-air acquisition of iCloud data without having the original Apple ID and password. Password-free access to iCloud data is made possible via the use of a binary authentication token extracted from the user’s computer,” EPPB’s website stated, noting that the owner need not consent or know their device data was accessed. “The Forensic edition of Phone Password Breaker comes with all the tools necessary to acquire and decrypt such tokens from Windows and Mac OS X computers. During the extraction, authentication tokens for all users of that computer can be extracted, including domain users (providing that their system logon passwords are known). The tools are available in Windows and Mac versions correspondingly.”
EPPB says that its tool can provide “investigators with near real-time access to essential information,” targeting specific data for download rather than taking hours to retrieve the whole iCloud backup.
The company describes the software as ideal for law enforcement and intelligence organizations.
But Wired noted how on Anon-IB it appears hackers are using the tool designed for investigators to hack into victims’ iCloud backups to steal nude photos and upload them to their site.
“Use the script to hack her passwd…use eppb to download the backup,” one post on the forum said, according to Wired. “Post your wins here ;-)”
Security researcher Jonathan Zdziarski told Wired that his analysis of the theft of model Kate Upton’s photos confirms a program like EPPB or another system that exploits the popular app “Find My iPhone” to guess passwords was likely used.
Zdziarski said if law enforcement tools like EPPB weren’t available, “we might not have the leaks we had.”
According to Wired, the $399 program, which is available illegally for free on some other websites, does not require purchasers to prove they are with law enforcement or the government.
Zdziarski told Wired that he believes Apple could do more to protect its users from software that reverse engineers its own system for access to user data.
“Apple could take steps to close that off, and I think they should,” he said.
The FBI is conducting an investigation into the hack, which affected celebrities like Jennifer Lawrence. Similar investigations have involved the use of search warrants and digital forensics to determine how hackers obtained everything from Paris Hilton’s contact list to nude photos of actresses Scarlett Johansson and Mila Kunis.