Confusion remains over ‘iCloud’ nude image leaks
1 September 2014 | 0
The source of an alleged iCloud hack that saw the release of nude pictures of some of Hollywood’s top actresses remains a mystery today.
A list of dozens of stars including Jennifer Lawrence, Rhianna, Kirsten Dunst and Mary Elizabeth Winstead was dumped online yesterday on discussion board 4chan along with dozens of nude pictures gleened, according to the poster, from compromised iCloud accounts. The number of individuals affected would indicate this was a practice going back some time, with Winstead noting via Twitter that the pictures of her had been deleted some time ago.
Apple has yet to comment on the incident but so far there are two schools of thought as to what happened. The first relates to a flaw in Apple’s Find my iPhone login page that made it vulnerable to ‘brute force attacks’ as it did not put have measures such as limited login attempts or Captchas to add as proof of a person instead of a piece of software behind the attempt to access the account. This bug, exploited by the ‘iBrute’ application posted to code repository GitHub has since been fixed by Apple.
If the issue of finding passwords can be explained by a security bug what remains unknown is the source of the corresponding e-mail address. This relates to the second school of thought on the hack: that someone had compromised either an e-mail account or device with a substantial contact book.
Whatever about how long the hack took, there are question marks over the how real some of the leaked images are. While a statement from Lawrence confirmed her pictures were real (and that anyone sharing them would be prosecuted), singer Victoria Justice said her’s were fakes made up of of her head superimposed on top of a nude model.
Social network Twitter, Reddit, 4chan, and meme generation website Imgur have been pulling images and discussion threads and blocking accounts of users sharing any images associated with the breach.
Should iCloud actually turn out to be at the root of the problem, it is worth noting that it can be turned off in a device’s settings and that the users can choose not to upload images. Alternatively, you can activate two-factor authentication, which requires the user to input a security code sent to their handset on top of their Apple ID and password every time their log in or make a purchase through the App Store.
This is not the first time high-profile celebrities have had their private moments dumped online but there is a history of the leakers being tracked down, as well. In 2012 ‘Hollywood Hacker’ Christopher Chaney was sentenced to 10 years in prison for leaking pictures Scarlett Johansson, Mila Kunis, and Christina Aguilera among others.