Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 13 MINUTES AGO.
You are here: Home / Cloud Computing / iCloud Flaw: Celeb Nude Pics Hacked
iCloud Security Flaw Allows Nude Celeb Photo Dump
iCloud Security Flaw Allows Nude Celeb Photo Dump
By Jef Cozza / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
SEPTEMBER
02
2014

Nude photos, videos, and personal files belonging to actress Jennifer Lawrence and other Hollywood celebrities were stolen from Apple’s iCloud storage service and released on the Internet on Sunday.

The images of Lawrence, singer Rihanna, actress Lea Michele and model Kate Upton were released on the online message board 4chan. Private photos of up to 100 other celebrities may have been stolen from iCloud, according to reports.

Hack Type Still a Mystery

Although it is still unclear how the hacker managed to break into personal iCloud accounts, the attack may have exploited a bug known as iBrute, a Python script in Apple’s Find My iPhone service. The bug had been posted on GitHub, a code-sharing Web site a few days before the attack. Find My iPhone allows users to track the location of lost or stolen handsets and disable them remotely.

The bug allowed hackers to use a Python script to try an infinite number of passwords until hitting the right one, a type of hack known as a “brute force” attack. Typically, Web sites and other services lock down an account after too many failed attempts to prevent such an attack from succeeding.

Alternatively, the attack may have involved a “phishing” expedition, in which individuals are tricked into sharing their passwords themselves. Typically, a phishing attack involves an e-mail purporting to be a legitimate request from a company, Apple in this case, for the user to enter his authentication details.

Even though the identity of the individual or group responsible for the hack is unknown, that person or persons could face serious jail time if discovered. In 2012, hacker Christopher Chaney was sentenced to 10 years in prison for stealing and leaking photos of Mila Kunis and Scarlett Johansson from their private accounts. Lawrence has said through her publicist that she intends to push for a criminal investigation into the leaks. Both the FBI and Apple have said they are investigating the attack.

Bad Timing for Apple

The news comes just one week before Apple’s special media event promoting its new iPhone. The development could be a public relations nightmare for the tech giant that was looking to hype the new iPhone’s rumored near field communication technology, which would allow customers to use their iPhone handsets to make physical purchases. That functionality may be much less attractive in the light of iCloud’s security issues, even though iCloud would not likely be a component in the new payment system.

The attack has certainly done the cloud storage service no favors in terms of celebrity endorsements, with actress Kirsten Dunst tweeting “Thank you iCloud” and an obscene emoji to convey her disapproval of the service.

One victim, actress Mary Elizabeth Winstead, confirmed that the photos were indeed real. Winstead said she believed she had deleted at least some of the photos several years ago, suggesting the hacker was able to access archived or backup copies of at least some of the stolen photos. Apple said it has since closed the security flaw that allowed hackers to download the photos.

Some users may have even been completely unaware they were backing up their photos to iCloud. Copies of pictures taken with iPhones or other devices are automatically stored on iCloud if users enable the Photo Stream service on their phones. Deleting a photo from the Camera Roll on the phone does not remove the backup on iCloud. Users would have to also delete the images from Photo Stream to make sure they are removed from iCloud.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN CLOUD COMPUTING

NETWORK SECURITY SPOTLIGHT
A state prosecutor's office in Pennsylvania was among hundreds of thousands of victims of a now-shuttered international cybercrime operation, paying nearly $1,400 in a bitcoin ransom.
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.