UPDATED 13:15 EDT / SEPTEMBER 03 2014

How the nude celebrity photo thieves hacked Apple’s iCloud

You’ve probably heard all about the ‘scandal’ involving nude photos stolen from dozens of female celebrity iPhone users at the weekend. But now researchers think they’ve worked out how the cyber-pervs have done it – by using a special program that’s designed for law enforcement agencies, but is also conveniently available for anyone to download online.

Wired.com lifted the lid on the Elcomsoft Phone Password Breaker, known as EPPB. Developed and built in Russia, EPPB makes it relatively simple to download the entire contents of someone’s iCloud account – not just the photos and stuff people have uploaded, but a full backup of the device.

It’s a fairly simple process. First, the hackers need to use an iCloud password-cracking tool called iBrute in order to find out their target’s login and password. Once they’re logged into the target account, the hackers use EPPB to trick iCloud into thinking they’re using the victim’s iPhone. This allows them to download a full system backup.

Here’s a full rundown of EPPB’s capabilities, straight from the developer’s mouth:

Now your investigation has access to all the secrets stored in iOS, including such highly sensitive data as contacts, call logs, emails, location history, WiFi usernames and passwords, websites, social networking accounts, instant messengers, and more. You can also make a full copy of the device and analyze it in specialized third party software. Getting evidence is easy with the Elcomsoft iOS toolkit.

EPPB is supposedly designed for government agencies, but its developers don’t require any credentials whatsoever to download and purchase it for just $400. Even worse, there are numerous cheaper bootleg copies of the software available on Russian hacker forums, according to Wired.

As far as Apple is concerned, the celebrities were victims of a targeted attack, as opposed to an exploitation of iCloud’s security shortcomings. Even so, Apple quickly and quietly released an update to its Find My iPhone app yesterday which apparently fixed flaws exploited by iBrute. But Wired.com says even that fix hasn’t stopped the pervy hackers in their tracks just yet.

Since the scandal first broke, numerous security experts and tech bloggers have posted tips about how to keep your data in the cloud safe. Their advice may or may not be sound, but the truth is there is no guarantee your data can’t be compromised one way or another once it’s up there in the cloud.

Main image credit: Wikimedia Commons
