Apple Claims iCloud, 'Find My iPhone' App Weren't At Fault For Celebrity Nude Photo Leak
Technology giant Apple has released a statement saying that there were no security leaks in its iCloud and in the 'Find my iPhone' app that were at the center of a celebrity hacking scandal that saw the release of hundreds of nude photos of female celebrities including "Downton Abbey" star Jessica Brown Findlay, Oscar-winner Jennifer Lawrence and supermodel Kate Upton over the weekend.
The company says that after nearly two days of investigating it hasn't found any leaks in its security systems that would have made its users' private information vulnerable to hackers, and that the celebrities whose private photos were stolen from its iCloud were the targets of pinpoint attacks.
" We wanted to provide an update to our investigation into the theft of photos of certain celebrities," the company said in a statement on Tuesday. "When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us.
"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud® or Find my iPhone.
"We are continuing to work with law enforcement to help identify the criminals involved. To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification."
Wired.com reports that hackers may have used a tool intended for law enforcement to crack into the iCloud, as it can emulate that of a cell phone and download a full backup of someone's iPhone from the cloud, gaining access to more than just photos, like videos, past texts, emails, etc.
According to Wired, web forum Anon-IB, a place for people to anonymously post photos, has had numerous discussions about using the software Elcomsoft Phone Password Breaker (EPPB) to get into the backups. The software is made in Russia by a forensics firm and isn't intended for public use.
There was also a password cracking program released over the weekend, called iBrute, that may have been used in conjunction with the Russian program that would make the job pretty simple.
The news comes at a bad time for Apple, which is set to release its iPhone 6 in the next week, among other products and a new operating system that is more cloud-based.