Icloud leaked celebrity photos


Countless celebrity nude photo leaks being blamed on supposed iCloud hack (Updated)

A plethora of reports are swirling around the internet that countless private celebrity photos have leaked (no, were not going to link you), andwhat are as of right now baselessrumors claim that someone found a vulnerability in Apples iCloudplatform and exploited it to obtain the images. Of the celebrities reportedly involved are Jennifer Lawrence, Kate Upton, Avril Livigne, Mary Elizabeth Winstead, Mary Kate Olsen, Hillary Duff, and many others.

News of the leaked images first started spreading on a 4chan /b/ thread earlier today, where many users have made claims that the leaks are due to at least one person maliciously exploiting iCloud and various celebrities cell phones. Reports on 4chan also claim that the hacker has acquired videos as welland intends to sell them to TMZ for as much as six figures. Of course, most of this information is from an anonymous 4chan board, so take it with a heaping pile of salt.

But the fact remains that these private photos are definitely making the rounds, and many celebrities have taken to Twitter to seemingly confirm that at least some of them are indeed real. Most notably, Mary Winstead says she can only imagine the creepy effort that went into the leaks.

Photo Stream automatically syncs photos to iCloud as theyre taken, but its not yet known how the hackerif they did indeed manage to hack iCloudgot ahold of so many different celebrities photos across so many accounts. Mary Winstead mentions that the leaked photos of hers were deleted long ago, which raises even more questions includingwhether or not a deleted iCloud photo is ever truly deleted. But that, of course, assumes that iCloud is the problem here.

As many have noted intending to prove that iCloud isnt the source of these nudes, videos dont work with My Photo Stream. You can, as of iOS 7, upload them to shared streams (and therefore iCloud) and, perhaps more importantly, iCloud will also upload them to the cloud when performing a full device backup. Having access to an iCloud account would mean that a hacker could effectively restore the account to a wiped phone.

Some celebrities have reported that they dont even use an iPhone, which leads most to believe that the hacker got these filesfrom multiple sources (which is probably likely anyway) orthat some other cloud service could bethe real culprit. Perhaps more interesting, however, is that some celebrities, namely Trisha Hershberger, have proven that their nudes are actually fake and, coincidentally, they dont use an iPhone.

Weve reached out to Apple for comment on the situation. In the meantime, now is a good time to remind you to turn on two-factor authentication on your iCloud account.

Update: A vulnerability in the Find My Phone service may have allowed hackers to brute-force themselves into celebrity accounts.

Its still speculation at this point that iCloud is involved at all, but avulnerability found in Find My iPhone could have permitted hackers to brute-force their way into accounts by guessing a huge number of passwords that fall in line with Apples criteria. In order for this method of attack to work, the accounts of the celebrities in question would have to have relatively weak passwords. But as many celebrities know each other and would have other celebrities contacts in their address books, its possible that contacts data could be used to identify the account email addresses of others, effectively creating a chain of hacks.

The program,being called iBrute and exploiting a flaw now patched that let the program guess an unlimited number of passwords without being locked out, hasnt been linked directly to any attack on iCloud. But saidsecurity flaw that it took advantage of came to light and was fixed on the same day of the leak of countless private celebrity photos, so the timing is definitely a little uncanny.

Update 2: Apple has issued a statement to Re/codesaying that theyre actively investigating whether or not iCloud was actually involved in leaking the private images. We take user privacy very seriously and are actively investigating this report, Natalie Kerris, spokesperson for Apple, said.

Update 3: As pointed out by Mashable, the iBrute program was released just three days before the leak of the first celebrity photo, which may not have been enough time for this specific vulnerability to have been exploited to the extent needed to leak hundreds of celebrities nude photos.On August 30th,Andrey Belenko and Alexey Troshichev, security researchers withviaForensics and HackApp, respectively, gave an in-depth report (link to presentation slides) at Defcon Russia on the state of iCloud security, and iBrute was their proof of concept.

In the presentation,viaForensics actually outlines how Find My iPhone isnt the only security flawhere. Supposedly, hackers may have been able to guess a users iCloud Security Code offline, which therefore not triggering a lock out mechanism similar to one that was missing from Find My iPhone.

In terms of how this applies to the issue at hand, the iBrute Find My iPhone flaw being patched this morning may have simply been a result of this security talk and had nothing to do with the leaked images.

Update 4: Actress Kirsten Dunst appears to credit iCloud for her photos beingleaked.

Update 5: The United StatesFBI is investigating the alleged iCloud hack, according to an FBI spokesperson (via The Telegraph):

[The FBI is]aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter.Any further comment would be inappropriate at this time.

Update 6: Apple has denied that iCloud was actually breached, and says that this was actually a very targeted attack on certain celebrities.

icloud leaked celebrity photos
Celebrity Photo Leak: Is Poor iCloud Security to Blame?

Apple has for the first time acknowledged reports of an untold number of nude or compromising photos allegedly stolen from celebrities' Apple iCloud accounts.

"We take user privacy very seriously and are actively investigating this report," Apple representatives told Mashable.

While that doesn't admit any kind of culpability in the attack, which was first reported Sunday, security experts are already pointing the finger at not one but two flaws in iCloud security.

See also: The 25 Worst Passwords of 2013

According to a report in TheNextWeb, a hack called iBrute was posted Saturday on GitHub by mobile security firm HackApp. Though technically a mere proof of concept, it showed hackers how to exploit an apparent "brute force" vulnerability in the Find My iPhone API.

Find My iPhone is part of a trio of services connected to iCloud, including Photo Stream and Apple's password manager, iCloud Keychain. A brute-force security attack is essentially a trial-and-error-way of breaking through security, and it usually only works if there is a weakness in the security of a system that allows an unlimited number (or a very high number) of login attempts.

Most systems you log into protect from brute-force attacks by locking up the system or the account, usually temporarily, after a certain number of failed login attempts. The iPhone itself, for instance, will lock you out for a few minutes if you try the wrong security passcode too many times in a row.

But apparently Find My iPhone did not have any such limits until just now. Early Monday, HackApp reported that Apple had patched the vulnerability.

Apple has not confirmed or denied the existence of any such vulnerability or patch.

Unleash the brutes

According to Andrey Belenko, senior security engineer for mobile security firm viaForensics, iBrute was posted roughly 36 hours before the first photos leaked, which may not have been enough time for such a brute force attack to work.

Belenko should know. On August 30, he and Alexey Troshichev of HackApp presented at Defcon in Saint-Petersburg, Russia, a fascinating report on iOS 7 and iCloud security. A deck from the presentation is below:

It's dense reading, but the thrust of it is that iCloud security has two potential weak spots.

Find My iPhone may be only half of the weakest link. It does not have the same level of password protection no lock out mechanism for too many incorrect password attempts or user alerts as other components.

A user's iCloud security code which is separate from the user's iCloud password is the second half of the issue. The code defaults to just four digits (although it can be more complex if the user chooses) and may also be vulnerable to a brute force attack.

According to Apple iCloud support, "If you enter an incorrect iCloud Security Code too many times when using iCloud Keychain, your iCloud Keychain is disabled on that device [and] your keychain in the cloud is deleted." You then have to access your account from another device.

This hardware-based security would seem to be a pretty significant roadblock for hackers, who likely don't have access to any of the victim's devices.

However, viaForensics' presentation indicates hackers found a weaker security point. According to their analysis, a hacker has (or had, until the apparent patch) the ability to guess a user's iCloud Security Code offline, which would theoretically not trigger any lockout due to failed logins.

That meant the hacker could easily apply brute force (an extremely quick exercise for just a four-digit code) to get access to a user's iCloud keychain. Whether or not they had the actual iCloud password at the outset, they'll probably have enough access at this point to get whatever they want.

Why so many?

Even if all this is true, why were so many accounts apparently hacked? A leading theory is that there were a handful of accounts that were used to find contact details, including email addresses, for the others. With those IDs in hand, the hackers simply continued to apply the brute-force attack (probably starting with the same list of potential passwords that was posted along with iBrute) until they had access to other accounts' iCloud data including, crucially, Photo Stream (iOS photos stored in iCloud).

There's also the possibility that the photos, some of which are confirmed as authentic, may have come from a different source. Belenko, for one, is not so sure there's a cause and effect here. When asked if he or HackApp felt at all responsible and if they had given Apple a chance to patch the alleged hole before presenting iBrute, he replied on Twitter: "Don't know if it was disclosed (it should've been). I don't think that tool and the leak are connected though."

? !
Celebrity photo hack
Emma Watson and Amanda Seyfried are in the news, and its not for their March movies Beauty and the
Icloud leak photos of celebrities
Emma Watson Recent Uncensored Leaked Photos Of Celebrities From Apple iCloud Hack 2014 GO HERE: ift.tt/1yopc6b ift.tt
?emma watson photo hacked
Private images of the actress are said to be on the "dark web" Watson's reps confirmed that pictures had
Celebrity hack icloud photos
CELEBRITY PHOTO HACK Who is behind the attack that exposed A-listers most private messages? Jennifer Lawrence, pictured here on
Icloud hacked photos celebrity
iCloud hacked Celebrity Photo Leaked, when it comes to security and reliability Apple is one of the most trusted in
Celebrity hacked photos
By Tom PayePublished September 1, 2014 Despite a number of celebrities having had their iCloud accounts compromised, a wide-scale
Icloud celebrity hack photos
A plethora of reports are swirling around the internet that countless private celebrity photos have leaked (no, were not
?leaked photos celebrities
Search results Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more
Hacked celebrities photos icloud
A plethora of reports are swirling around the internet that countless private celebrity photos have leaked (no, were not
Jennifer lawrence photos leaked
About Celebs-Place fashion magazine Celebs-Place is collection of HD pics of famous people and celebrities. Jennifer Lawrence hacked
Hacked icloud celebrity photos
A plethora of reports are swirling around the internet that countless private celebrity photos have leaked (no, were not
Icloud celebrity photo leaks
Nairaland Forum / Entertainment / Celebrities / [LEAKED] Celebrity Nud3 Photos Icloud Hacked Images Download (110850 Views) Another Guy Leaks Girlfriends Nud3 Photos
Photo nude celebrity
Bollywood Celebrities Who Were Victims Of The Leaked Naked Pictures 15 Most Shocking Nude Photo
Leak photo emma watson
Emma Watson photo gallery at ThePlace Hundreds of personal photos of female celebrities were posted online last night. Celebrity photo
Photos celebrity hack
Whether you follow celebrity gossip or tech news, it seems that both genres have collided paths today in what can
Hacked celebrity photo
10 Famous People Who REGRET Taking Private Photos, Female Celebrities Attacked In Disgusting Violation Of Privacy - iCloud Hacked, A Closer
The hacked celebrity photos
CELEBRITY PHOTO HACK Who is behind the attack that exposed A-listers most private messages? Jennifer Lawrence, pictured here on
Faked celebrity photos
Whether you follow celebrity gossip or tech news, it seems that both genres have collided paths today in what can