Icloud hack celebrity photos


icloud hack celebrity photos
[[Updated]] Massive iCloud Hack Causes Hundreds Of Nude Celebrity Photo Leaks - Likes Of Jennifer Lawrence And Kate Upton Included

Apple’s well known for it’s secure services and devices. After all, with the amount of credit card data the company possesses due to iTunes, one has to take appropriate security measures. However, it seems like Apple has failed in one critical area – iCloud, and the cost of this failure has resulted in pictures of countless celebrities being leaked online.

The list of celebrities affected by this breach inlcude Jennifer Lawrence, Kirsten Dunst, Kate Upton, Avril Lavigne to name a few. The images surfaced late last night. According to anonymous 4Chan users, the photos have been grabbed from Apple’s iCloud servers.

Photos aren’t the only items acquired by the hacker. According to 4Chan users, the hacker also has videos in his possession, which he/she intends to sell to TMZ. Several celebrities have confirmed that the photos are authentic indeed. But further confusion has been spread in the mix by several claims, including Mary Winstead who claims that the photos were deleted ages ago.

Several others are claiming that the images are fake. A spokesperson for Ariana Grande claimed that the images are ‘completely fake’, while Victoria Justice herself has denied their authenticity via twitter.

However one fact remains that if the hacker is indeed in possession of videos then it must be noted that photos do not work with My Photo Stream. However, an iOS device does automatically back photos up to iCloud during a complete device backup. Trisha Hershberger claims that she does not even use an iPhone or an iOS device and that her pictures are fake as well.

The source of this breach of privacy might have been a vulnerability in the Find my Phone services. According to thenextweb, a python script which emerged on Monday allows hackers to brute force a target’s iCloud password. This is due to a vulnerability in the Find my iPhone service. Following the principles of brute force, the vulnerability allows hackers to guess passwords repeatedly without any repercussions.

A tool to exploit this was uploaded to GitHub and it remained there for two days before being shared on HackerNews. The presence of this vulnerability for two days before being discovered and the subsequent appearance of photos does form a link between events.

Apple patched this vulnerability today at 3:20 am PT but before this countless twitter users were able to download the tool and use it to crack their own passwords. A brute force loophole combined with weak passwords creates a perfect opportunity for data leak.

The tool’s creator, HackApp claims that the loophole has been patched as of now. So stay safe folks, and pick strong passwords for all of your accounts.

Update: In a statement given to Re/Code regarding the alleged iCloud hacking incidents, Apple spokeswoman Natalie Kerris said: “We take user privacy very seriously and are actively investigating this report.”

As is Apple tradition, Cupertino has remained largely silent on this issue. Some experts are suggesting that had two factor authentication been enabled on compromised accounts, then this whole fiasco could have been easily avoided.

This ‘two-step’ authentication in Apple terms sends a numerical code to user device. This code is required for authentication in addition to regular passwords. Since the code regularly changes, it makes it a little bit more difficult to crack accounts which use this process.

Update 2:Apple’s investigation is over and results are out. You can view them here.

Mac Security Blog

Security & Privacy + Security News

Posted on September 2nd, 2014 by Graham Cluley

Jennifer Lawrence in The Hunger Games
You would have had to have been sleeping under a rock for the last day or two not to have seen the headlines about female celebrities whose naked selfie photographs have somehow slipped out onto the internet.

Most attention has been given to the candid photographs of Oscar-winning actress Jennifer Lawrence, model Kate Upton and recording artist Ariana Grande, but the truth is that about 100 other actresses, models and pop stars have had their private naked photographs shared widely on the internet.

The story first broke on Sunday, when links began to be posted on 4Chan image-sharing forum and Reddit alongside claims that suggested that iCloud had been hacked.

iCloud, of course, is Apple's cloud storage and backup service - designed to make your life more convenient if you're using Apple computers or iPhones, not to leak photos that you probably only intended your boyfriend or husband to see.

But many iPhone owners are possibly oblivious to the fact that every time they take a photo, it is invisibly and silently uploaded to iCloud in the background, entering your Photostream, meaning that it can be easily accessible from any other Apple devices you own.

That's not necessarily always a bad thing.

I mean, lets face it, your photos are special to you and many of them will have significant sentimental value. The beauty of something like the Photostream or automatic iCloud backups of your data is that it doesn't matter if you lose your phone or drop it in the bath, you won't have lost your precious photos and other data.

But, of course, there might be ahem... some images that you wouldn't feel comfortable being automatically shared anywhere, which you might want somewhat more paranoid and tighter control over because of their umm... content.

Because if a hacker managed to hijack your iCloud account, they could download all of your photos without ever having to gain physical access to your iPhone.

It's important to stress at this point that there has been no firm evidence that hackers have exploited a security hole in iCloud to help them access the female celebrities' accounts, but the theory has gained ground when proof-of-concept code was uploaded to Github this weekend that used cracking techniques to guess passwords for accounts.

The code, named 'iBrute', allegedly exploited a vulnerability in the Find My iPhone API, and was created by security researchers Andrey Belenko and Alexey Troshichev.

Github code

Although iBrute suggests it uses "brute force" to crack the passwords, it actually uses a dictionary attack - throwing the most popular passwords revealed by past data breaches to see if any of them stick against the wall.

Dictionary attack

Regardless of whether it's a brute force attack or a dictionary attack, the point is that Apple appears to have been failing to properly rate limit failed attempts to access an account.

Apple is said to have now fixed the flaw, which had meant that hackers could rapidly try thousands or even millions of possible passwords in rapid succession, to see which would unlock the door.

But what's not known is if anyone else was aware of the flaw, or whether other security holes exist in iCloud's security that could have allowed hackers' access to private data.

This last weekend, Defcon in Saint Petersburg were given a presentation by Belenko and Troshichev, detailing weak points in iCloud security.

They confirmed that the Find My iPhone API failed to lock out users who failed to enter the correct password on multiple occasions, and that users' iCloud security codes - which are separate from iCloud passwords - might also be vulnerable to brute force attacks as they are typically only four characters long.

In Troschichev and Belenko's opinion, you should never rely upon a four digit iCloud security code - but choose something more complex instead.

iCloud security codes, as explained at Def con St Petersburg

According to Apple iCloud support, "If you enter an incorrect iCloud Security Code too many times when using iCloud Keychain, your iCloud Keychain is disabled on that device [and] your keychain in the cloud is deleted." You then have to access your account from another device.

Is it possible that the 100 celebrity victims could have had their accounts broken into in this way? To be honest, it's hard to imagine that such a thing would be possible - and if it were true, it would throw Apple into a very poor light for not doing more to detect the suspicious activity against its servers.

The truth is that right now, we just don't know. Other factors could have played their part including phishing, the unsafe reuse of the same passwords on multiple websites, or someone close to the celebrities leaking information or meddling with their online accounts.

RELATED: Did Jennifer Lawrence's Naked Photos Leak Out Because She Told the Truth?

Unfortunately, one character in this story who could possibly shed some light, hasn't got very much to say for itself at the moment.

Apple spokeswoman Natalie Kerris issued a curt response to journalists' questions about the celebrity hack, which failed to dispel any concerns that it might be its own systems that were found lacking:

"We take user privacy very seriously and are actively investigating this report."

Clearly with the launch of the long-anticipated iPhone 6 (and possibly an iWatch too?) just days away, Apple is keen not to have any bad news distracting attention.

Some things we can be certain of, however.

Make sure that you are using unique, hard-to-crack passwords for your iCloud account, and protect your account with two-factor authentication.

How to make your iCloud account harder to hack

Whether it is determined that a security hole helped hackers access iCloud accounts or not, it's clear that other threats could put your online data and photographs at risk. For instance, phishing continues to be a thriving business, and it is becoming increasingly common to see iCloud accounts targeted just like online banks, PayPal, or social media sites.

To better protect your iCloud account, and prevent a hacker from accessing your backups, use two-factor authentication.

Apple 2FA

Two-factor authentication (sometimes called two step verification) makes life much harder for hackers attempting to hijack control of your accounts and devices, as it means they require more than just your username and password. They also need a one-time password (OTP) that is sent to your device itself.

In addition, you can set up a 14-digit recovery key that you can print out and keep in safe place. Apple suggests you keep the recovery key to regain access to your account, or if you ever lose access to your devices or forget your password.

Do you use Apple iCloud? Do you think Apple users take security seriously enough? Leave a message below sharing your thoughts.

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley. View all posts by Graham Cluley ? This entry was posted in Security & Privacy, Security News and tagged Apple, Ariana Grande, Celebrities, Celebrity Hack, Celebrity Photos, Find my IPhone, hacked, Hackers, iCloud, iCloud Hack, Jennifer Lawrence, Kate Upton, Photos. Bookmark the permalink.
Понравиласть статья? Жми лайк или расскажи своим друзьям!
Теги к новости:
Добавить комментарий
Похожие новости:
The “Fantasy” singer and entertainment icon is making all of our fantasies come true! MMMHMMM, the Mariah Carey nude iCloud
Big breaches of security are never fun, but when you're the provider of cloud storage that holds all kinds
A plethora of reports are swirling around the internet that countless private celebrity photos have leaked (no, we’re not
CELEBRITY PHOTO HACK Who is behind the attack that exposed A-listers most private messages? Jennifer Lawrence, pictured here on
UPDATE: Clearly this post was written very early on in this incident and information has since come to light which
Yahoo is just the latest victim of a series of high-profile hacks, some of which have proven to have
Celebrity photo leaks are happening increasingly more often, and it does not seem that celebrities are taking the security of
A plethora of reports are swirling around the internet that countless private celebrity photos have leaked (no, we’re not
Emma Watson Recent Uncensored Leaked Photos Of Celebrities From Apple iCloud Hack 2014 GO HERE: ift.tt/1yopc6b ift.tt
CELEBRITY PHOTO HACK Who is behind the attack that exposed A-listers most private messages? Jennifer Lawrence, pictured here on
iCloud hacked Celebrity Photo Leaked, when it comes to security and reliability Apple is one of the most trusted in
By Tom PayePublished September 1, 2014 Despite a number of celebrities having had their iCloud accounts compromised, a wide-scale
A plethora of reports are swirling around the internet that countless private celebrity photos have leaked (no, we’re not
About Celebs-Place fashion magazine Celebs-Place is collection of HD pics of famous people and celebrities. Jennifer Lawrence hacked
A plethora of reports are swirling around the internet that countless private celebrity photos have leaked (no, we’re not
Emma Watson photo gallery at ThePlace Hundreds of personal photos of female celebrities were posted online last night. Celebrity photo
Whether you follow celebrity gossip or tech news, it seems that both genres have collided paths today in what can
10 Famous People Who REGRET Taking Private Photos, Female Celebrities Attacked In Disgusting Violation Of Privacy - iCloud Hacked, A Closer
CELEBRITY PHOTO HACK Who is behind the attack that exposed A-listers most private messages? Jennifer Lawrence, pictured here on
Whether you follow celebrity gossip or tech news, it seems that both genres have collided paths today in what can
выбрать фон