By now you've heard about the massive accumulation of nude photos that internet scumbags stole from a amount of changeable celebrities. Now, advisers are acquirements added about how the perv-hackers may accept done it: using a password-cracking software advised for police, but accessible online to anyone who seeks it.
Over at Wired, Andy Greenberg explains the abounding adventure abaft Elcomsoft Phone Countersign Breaker, or EPPB. The Russian-built software makes it accessible to download the absolute capacity of an iCloud account—not just the photos stored to an iCloud account, but a abounding advancement of the absolute device.
The adjustment is astoundingly simple: First, hackers use iBrute, an iCloud password-cracking software appear over the weekend and still readily accessible to those who seek it, to get a user's login and password. Once the antagonist is logged in to an iCloud account, EPPB convinces iCloud that the accessory the hacker is application is the victim's iPhone, acceptance the hacker to download a abounding arrangement backup. Just analysis out Elcomsoft's description of the software's capabilities:
Now your analysis has admission to all the secrets stored in iOS, including such awful acute abstracts as contacts, alarm logs, emails, area history, WiFi usernames and passwords, websites, amusing networking accounts, burning messengers, and more. You can aswell accomplish a abounding archetype of the accessory and assay it in specialized third affair software. Getting affirmation is simple with the Elcomsoft iOS toolkit.
EPPB was designed, ostensibly, for government agencies. But over at Wired, Greenberg waded into Anon-IB, an bearding appointment area scumbags barter nude photos baseborn application EPPB. The software maker doesn't crave any anatomy of government accreditation to download, and even if the $400 amount tag throws some hackers off, bootleg copies are broadly available.
Apple maintains that the this weekend's celebrity nude annexation was a targeted attack, rather than an corruption of aegis shortcomings in iCloud. But just yesterday, Apple appear an amend to Find My iPhone declared to fix the flaws that accustomed iBrute to work—though as Greenberg mentions, Anon-IB babble suggests that the fix hasn't absolutely chock-full the dirtbags yet. Security researcher Jonathan Zdziarski analyzed the metadata included in one of the leaked photos, and told Wired it's constant with the use of iBrute and EPPB. What's more, that agency the thieves who blanket the photos could be in control of even added advice than ahead thought.
It's alarming abundant to anticipate that law administration agencies can pry accessible your bound abstracts after you alive it. The actuality that anyone with the requisite adeptness can use those exact aforementioned accoutrement is just astounding. [Wired]
Image: Screenshot from YouTube
No hay comentarios:
Publicar un comentario