Leaked Celebrity Photos: Hackers Used Police Tool for Lifting Data
A police tool for lifting data off of iPhones was used by the hackers who leaked more than 400 celebrity photos last weekend, RT reports.
The tool, Elcomsoft Phone Password Breaker (EPPB), has been discussed on the anonymous image forum Anon-IB, where the pictures were leaked initially, and is used to download data from iCloud backups, Wired reports.
The software is sold to government agencies from a Moscow-based company but had been released over the weekend and exploited by the hackers in combination with another hacking tool, iBrute.
The second tool was released by a security researcher and can crack the account password through a flaw in the Find My iPhone tool on iCloud, Wired reports.
The combination allows a hacker to obtain the information in a single folder by making the entry into the backup appear like it is the person who owns the phone and gives access to videos, application data, contacts and text messages.
Jonathan Zdziarski, a forensics consult and security researcher, told Wired, "You don't get the same level of access by logging into someone's [web] account as you can by emulating a phone that's doing a restore from an iCloud backup. If we didn't have this law enforcement tool, we might not have the leaks we had."
The company that sells EPPB markets it by stating this information as a benefit to law enforcement agencies.
"All that's needed to access online backups stored in the cloud service are the original user's credentials including Apple ID ... accompanied with the corresponding password," according to the website, Wired reported. "Data can be accessed without the consent of knowledge of the device owner, making Elcomsoft Phone Password Breaker an ideal solution for law enforcement and intelligence organizations."
The program is not using a backdoor system but instead is reverse engineering Apple's system to gain access.
"When you have third parties masquerading as hardware. it really opens up a vulnerability in terms of allowing all of these different companies to continue to interface with your system. Apple could take steps to close that off, and I think they should," Zdziarski said.
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!