By now, you've probably heard about the hundreds of nude celebrity photos that were leaked on 4chan, the imageboard website, by a yet-to-be-identified hacker. The fiasco involved multiple high-profile celebrities including Jennifer Lawrence, Kate Upton, Ariana Grande, Kaley Cuoco, and others. The hacker even vowed to leak more photos from other celebrities in exchange for Bitcoins.
Now security researchers are piecing the puzzle together. One plausible theory is that the photos were obtained from iCloud and Dropbox accounts, reports The Guardian. Another theory holds that the pictures were stolen from another hacker, although this is still hotly debated. Given this, is it really safe to use Apple's cloud storage service? Moreover, can we trust Dropbox?
A couple of days ago, an exploit for Apple's Find My iPhone feature was posted on GitHub, a hosting service for software development projects. The exploit uses a brute-force attack to guess passwords. Researchers believe that the 4chan hacker used a similar technique.
There's even a theory that someone inside Apple with access to iCloud backups could have leaked the pictures, but Apple states that its backups are encrypted, so that might not be the case. Dan Kaminsky, a chief researcher at White Ops Digital Security Solutions, believes that it all started with one hacker who hacked desktops, and that eventually another hacker hacked the first hacker. Apple has yet to comment on the report.
"If the celebs' iCloud account passwords were brute forced, the problem seems to be lack of rate limiting by Apple, not lack of crypto." — Christopher Soghoian (@csoghoian), September 1, 2014
Source: The Guardian