dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
812
Dee Bee
Premium Member
join:2005-05-08
St Catharines, ON

1 edit

Dee Bee

Premium Member

Celebrity Compromising Pics Due To iCloud Hack ?

Various celebrities have had compromising photos posted online.

Questions remain as to whether Apple's iCloud was hacked or if another method or methods were used to obtain the photos.

Links to various theories below:

»techcrunch.com/2014/09/0 ··· to-hack/

»www.engadget.com/2014/09 ··· exploit/

»www.theguardian.com/tech ··· -rihanna

»www.cbsnews.com/news/app ··· rts-say/

As some of the articles pointed out, I wonder how many people use two-step verification? I have to say I don't use it myself.

ptrowski
Got Helix?
Premium Member
join:2005-03-14
Woodstock, CT

ptrowski

Premium Member

And I thank them for it.

The Dv8or
Just call me Dong Suck Oh, M.D.
Premium Member
join:2001-08-09
Denver, CO

The Dv8or to Dee Bee

Premium Member

to Dee Bee
I love how it's iCloud's fault idiots respond to stupid emails.

Ctrl Alt Del
Premium Member
join:2002-02-18

Ctrl Alt Del to Dee Bee

Premium Member

to Dee Bee
This appears to have been a brute force attack against the icloud.com website. The website did not lockout multiple failed login attempts, so someone wrote a simple python script that would go through common passwords and brute force attempts to login.

»9to5mac.com/2014/09/01/v ··· o-leaks/
Daemon
Premium Member
join:2003-06-29
Washington, DC

Daemon to Dee Bee

Premium Member

to Dee Bee
The original claim that it was an iCloud breach came from an anonymous 4chan poster. Given that many in the pictures are not using iPhones, and the list of people affected is very long, I think that the original claim was merely speculation and isn't actually the case.

Some of the people affected claim the pictures are years old and were deleted long ago.

Others have claimed the pictures are fake, some of which has been shown to be true. (Of course, other claims of fake photos are actually PR screens)

One theory I've read is that there is a darknet celeb picture trading ring that has been operating for quite a while, requiring payment of new, unseen pictures as a membership fee. I find this story more plausible--it would explain why so many in the photos are using Android phones, and would explain the age of some of the photos. Given my experience interacting with the underbelly of the internet 15-20 years ago (back when IRC and FTP ruled the roost), and my understanding of the seediness of Hollywood, I would not at all be surprised if this were the case. Some photos come from a hack, some from an ex fling, some from a geek squad member, etc.

Alcohol
Premium Member
join:2003-05-26
Climax, MI

Alcohol to Ctrl Alt Del

Premium Member

to Ctrl Alt Del
said by Ctrl Alt Del:

This appears to have been a brute force attack against the icloud.com website. The website did not lockout multiple failed login attempts, so someone wrote a simple python script that would go through common passwords and brute force attempts to login.

»9to5mac.com/2014/09/01/v ··· o-leaks/

if true then apple is to be blamed 100% for this. no way their payment nfc thing is going to be taken seriously now.

Ctrl Alt Del
Premium Member
join:2002-02-18

Ctrl Alt Del

Premium Member

said by Alcohol:

if true then apple is to be blamed 100% for this. no way their payment nfc thing is going to be taken seriously now.

Apple's security on the phone is top notch. Their web services, not so much. Using two factor authentication would have helped in this instance, which they now offer, because of the last big attack on their web services.

Mike
Mod
join:2000-09-17
Pittsburgh, PA

Mike

Mod

Sort of like organic chemistry whereas the top grade is a D but curved to an A?

Ctrl Alt Del
Premium Member
join:2002-02-18

Ctrl Alt Del

Premium Member

said by Mike:

Sort of like organic chemistry whereas the top grade is a D but curved to an A?

Grading on a curve means your performance is compared to others. If Apple's web service security were compared to others (Facebook, Google, Microsoft, etc), they'd fail. It seems that Apple still prefers user convenience over inconvenient security.

Which sucks, because Apple's work on securing your physical device has been very thorough. Apple's work in securing iOS is extremely commendable: »twit.tv/show/security-now/446

Mike
Mod
join:2000-09-17
Pittsburgh, PA
·Verizon FiOS

Mike

Mod

Work smart, not hard.

The amount of jailbreaks that exist is disheartening.

The fact that Cydia is actually thriving is a bad mark to the device security.... and that their lawyers haven't ripped the guy behind it to shreds is lack corporate enforcement.

TigerLord

join:2002-06-09
Canada

TigerLord to Dee Bee

to Dee Bee
Jennifer Lawrence looks absolutely stunning.

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

1 edit

Thinkdiff to Mike

MVM,

to Mike
There hasn't been a remotely executable jailbreak in quite some time. Current jailbreaks rely on repeated, explicit user interaction with a fully unlocked device connected to a computer also requiring user interaction.

Yes, it could be more secure, but it's still a hell of a lot better than many other mobile devices and even many non-mobile systems.

And there's nothing illegal about Cydia itself. Distributing jailbreaks.. more questionable (although still likely legal). But Cydia is fine. (also, never head of the Streisand effect?)

prior
@68.63.161.x

prior to Dee Bee

Anon

to Dee Bee
the accounts of the postings prior to 4chan have one or two comments, out of many, claiming they had gotten the images from icloud.

--
in other news, supposedly one of the people who put them on 4chan, has already moved but promised to continue posting. and that dark network is split into two sides now, for and against the publications.

El Quintron
Cancel Culture Ambassador
Premium Member
join:2008-04-28
Tronna

El Quintron to Daemon

Premium Member

to Daemon
said by Daemon:


One theory I've read is that there is a darknet celeb picture trading ring that has been operating for quite a while, requiring payment of new, unseen pictures as a membership fee. I find this story more plausible--it would explain why so many in the photos are using Android phones, and would explain the age of some of the photos. Given my experience interacting with the underbelly of the internet 15-20 years ago (back when IRC and FTP ruled the roost), and my understanding of the seediness of Hollywood, I would not at all be surprised if this were the case. Some photos come from a hack, some from an ex fling, some from a geek squad member, etc.

This would be the most plausible theory IMO. The fact that so many pictures are floating around seems to indicate that iCloud wasn't the only entity to blame. It probably bears the brunt of it, but if I were conspiratorially minded, I'd think that blaming iCloud security would be a scapegoat used to hide the existence of said ring.

EQ

ptrowski
Got Helix?
Premium Member
join:2005-03-14
Woodstock, CT

ptrowski to Mike

Premium Member

to Mike
said by Mike:

Work smart, not hard.

The amount of jailbreaks that exist is disheartening.

The fact that Cydia is actually thriving is a bad mark to the device security.... and that their lawyers haven't ripped the guy behind it to shreds is lack corporate enforcement.

Where do you think Apple get's some of their developers and ideas from?

Ctrl Alt Del
Premium Member
join:2002-02-18

Ctrl Alt Del to Mike

Premium Member

to Mike
No it isn't. The existence of jailbreaks and Cydia is a testament to how badly people want to escape from the protection/jail that Apple built into the device. These people are persistent, and as with DRM and other activation technologies, someone else will find a way around these blocks: »theiphonewiki.com/wiki/Timeline

The exploits needed though are sometimes insane and sometimes it's only a tethered jailbreak. (A tethered jailbreak requires your iOS device to be connected to a computer for remote code injection, unthethered means you can reboot your phone and it will remain jailbroken without help from an outside computer).

Android phones have the same thing. What do you think rooting is?

YukonHawk
join:2001-01-07
Patterson, NY

YukonHawk to Dee Bee

Member

to Dee Bee
Just another reason not to trust the cloud.

haroldo
join:2004-01-16
USA

4 edits

haroldo to Dee Bee

Member

to Dee Bee
Apple’s Two Factor Authentication Doesn’t Protect iCloud Backups Or Photo Streams

»techcrunch.com/2014/09/0 ··· d=pushup
quote:
On the user front, all of the standard pieces of advice still apply. Use a complex password, do not share it with anyone, use a private email if at all possible for your ID — one you also don’t share with anyone

Robert
Premium Member
join:2001-08-25
Miami, FL

Robert to Dee Bee

Premium Member

to Dee Bee
They must have logged on wrong
EdmundGerber
join:2010-01-04

EdmundGerber to haroldo

Member

to haroldo
said by haroldo:

Apple’s Two Factor Authentication Doesn’t Protect iCloud Backups Or Photo Streams

»techcrunch.com/2014/09/0 ··· d=pushup

quote:
On the user front, all of the standard pieces of advice still apply. Use a complex password, do not share it with anyone, use a private email if at all possible for your ID — one you also don’t share with anyone

And yet this is what Apple's Tim Cooke says would have protected those photo's. Is he lying?
Riamen
Premium Member
join:2002-11-04
Calgary

Riamen

Premium Member

said by EdmundGerber:

And yet this is what Apple's Tim Cooke says would have protected those photo's. Is he lying?

It would have prevented the culprits from guessing the user's security questions and gaining access to the account in the first place. 2FA replaces the security questions.