iCloud Vulnerability May Have Allowed For Celebrity Nude Hack
In the wake of leaked nude photos of dozens of celebrities, tech blogs are suggesting that a recently-patched flaw in a popular iPhone app may have created the opportunity for the photos to be hacked. The vulnerability was announced just a day before the images were leaked, and was patched later yesterday.
The problem allowed hackers to use “brute force” to find iCloud passwords through the Find My iPhone app, i.e. use an automated program to repeatedly guess passwords. Normally, repeated incorrect log in attempts would cause the account to lock down, but this wasn’t happening.
A script was posted to code-sharing site GitHub, claiming to exploit the vulnerability. Apple has refused to comment on the problem, but the app’s security was fixed as of early today.
If it is the source, hackers would have needed each of the celebrity’s email addresses before targeting their passwords; or, they may have only needed one, and then gotten the others after accessing the iCloud account of the first.
The timing could be coincidental; the celebrity photos could have been leaked through any number of more conventional means, and several celebrities have said their pics are fake.