iTnews

Apple washes hands of celebrity iCloud hack

By Juha Saarinen on Sep 3, 2014 5:29AM

Commercial motives behind the data theft.

Apple has denied that its own systems are to blame for the compromise of celebrities' iCloud storage accounts that saw their intimate pictures being posted across internet forums.

The company said the celebrities' privacy was breached as a result of targeted attacks that aimed to discover their log-in details.

"We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the internet."

"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone," Apple said in a statement to United States media.

Raids of this sort on cloud-based back-up storage facilities are likely to be routine for seasoned hackers.

Security researcher Nik Cubrilovic claims that the recent breach "seems only to be scratching the surface". 

Cubrilovic said trading networks exist that are comprised of loosely organised groups of people, each with specific roles to facilitate the data theft.

The activity is mostly done in private and rarely shared with the public, Cubrilovic said.

"The goal is to steal private media from a target's phone by accessing cloud based backup services that are integrated into iPhone, Android and Windows Phone devices. To access the cloud based backup requires the user's ID, password or an authentication token."

Attackers scour Facebook and other social media to collect as much information as possible, he said. This also includes going through public records for celebrities as well as purchasing credit reports on them.

The information gleaned is then used to work out answers to secret questions for password resets, along with phishing emails that request the same information.

He said that Apple's iCloud is the most frequent target, as it is popular and image backup to the cloud is enabled by default.

Furthermore, Cubrilovic said Apple accounts "seem particularly vulnerable" as it is possible to detect if email addresses have an associated iCloud account.

It also appears to be possible to automate the discovery of valid Apple email accounts, testing by Cubrilovic showed.

posting an email address as JSON to appleid.apple.com/account/validation/appleid returns if it is a valid account or not. no rate limit.

— nik cubrilovic (@nikcub) September 2, 2014
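
As an added example (not from the article, Apple or Cubrilovic), here is a detection-side check for the pattern described above, where one client tests many distinct addresses against an account-validation endpoint that has no rate limit. The log format, the `/validate` path, the thresholds and every sample line are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log: timestamp, client IP, path, hashed identifier.
# Format, path and values are assumptions made up for this example.
SAMPLE_LOG = """\
2014-09-02T10:00:00 198.51.100.4 /validate id=a1
2014-09-02T10:00:02 198.51.100.4 /validate id=a1
2014-09-02T10:00:03 203.0.113.7 /validate id=b1
2014-09-02T10:00:04 203.0.113.7 /validate id=b2
2014-09-02T10:00:05 198.51.100.4 /validate id=a1
2014-09-02T10:00:06 203.0.113.7 /validate id=b3
2014-09-02T10:00:07 203.0.113.7 /validate id=b4
2014-09-02T10:00:08 198.51.100.4 /validate id=a1
2014-09-02T10:02:00 192.0.2.9 /validate id=c1
2014-09-02T10:04:00 192.0.2.9 /validate id=c2
2014-09-02T10:06:00 192.0.2.9 /validate id=c3
2014-09-02T10:08:00 192.0.2.9 /validate id=c4
"""

def parse(line):
    """Split one log line into (timestamp, client_ip, path, identifier)."""
    ts, ip, path, ident = line.split()
    return datetime.fromisoformat(ts), ip, path, ident.partition("=")[2]

def find_enumerators(lines, path="/validate", window_s=60, max_distinct=3):
    """Return {client_ip: time it first checked more than max_distinct
    different identifiers within window_s seconds}. Lines must be in
    time order. Retries of the same identifier do not count as probing."""
    recent = defaultdict(deque)  # ip -> (ts, ident) pairs still in the window
    flagged = {}
    for line in lines:
        ts, ip, req_path, ident = parse(line)
        if req_path != path:
            continue
        window = recent[ip]
        window.append((ts, ident))
        # Drop requests that have aged out of the sliding window.
        while (ts - window[0][0]).total_seconds() > window_s:
            window.popleft()
        if ip not in flagged and len({i for _, i in window}) > max_distinct:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_enumerators(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} probed many distinct identifiers by {when.isoformat()}")
```

Counting distinct identifiers rather than raw requests keeps a user who retypes the same address from being flagged, while a slow prober under the threshold still needs a per-client limit and a response that does not reveal whether the account exists.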

Apple said it is working with police to investigate the breach, which resulted in images being uploaded to the 4chan web forum in return for payment in Bitcoin.

Yesterday, one of the victims of the iCloud breach, actress Jennifer Lawrence, told Reuters that she had contacted authorities over photos stolen from her iCloud account.

A spokesperson for Lawrence said the data breach was a flagrant violation of privacy and warned that anyone who posts images of the actress will be prosecuted by the authorities. 

The breach may have started some time ago. Another actress, Mary Elizabeth Winstead, whose private photos were also stolen from her iCloud account, noted on Twitter that they were old and had been deleted.

Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked.

— Mary E. Winstead (@M_E_Winstead) August 31, 2014