Actress Kirsten Dunst (Reuters)
The major leak of nude celebrity photos last weekend was made possible by software designed to let law enforcement lift data from iPhones with ease. The software is used in tandem with a tool made public recently that can crack Apple iCloud passwords.
According to Wired, hackers talk openly on the anonymous image forum Anon-IB about their use of EPPB, or Elcomsoft Phone Password Breaker, to download data from iCloud storage backups.
EPPB and like programs work to reverse engineer smartphone software to access a device’s data, but only with the aid of iBrute, the password-guessing software for iCloud. The iBrute software, recently released by security research Alexey Troshichev, was made to exploit a flaw in Apple’s ‘Find My iPhone’ feature to lift users’ iCloud passwords, running through numerous attempts to crack the account before eventual success.
Used in tandem with iBrute, “EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com,” Wired reported. This provides far more data for hackers, including videos, application data, contact information, and text messages, according to Jonathan Zdziarski, a forensics consult and security researcher.
Actress Jennifer Lawrence (Reuters)
Zdziarski analyzed the metadata from the leaked photos and determined that the material came from a downloaded backup, which is consistent with the use of iBrute and EPPB.
“You don’t get the same level of access by logging into someone’s [web] account as you can by emulating a phone that’s doing a restore from an iCloud backup,” said Zdziarski. “If we didn’t have this law enforcement tool, we might not have the leaks we had.”
Read more at RT News