Metadata of Leaked Celebrity Photos Suggest They Came From Complete iPhone Backups

Wired reports that a forensics consultant and security researcher says that, after analyzing metadata from leaked photos of Kate Upton, it appears the photos were obtained using Elcomsoft Phone Password Breaker (EPPB) – software intended for use by law enforcement officials – which allows users to download a complete backup of all data on an iPhone once the iCloud ID and password have been obtained.

Screenshot – Courtesy of 9to5Mac

Wired, via 9to5Mac:

If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages …

While the app is intended to be sold only to law enforcement officials, pirated copies are widely available on torrent sites.

A report from the Daily Mail suggests the party responsible for most of the leaked celebrity photos – “OriginalGuy” – worked with hackers to obtain the files.

“Guys, just to let you know I didn’t do this by myself. There are several other people who were in on it and I needed to count on to make this happened (sic). This is the result of several months of long and hard work by all involved. We appreciate your donations and applaud your excitement.”

While the software still requires the Apple ID and password of the targeted party, Apple has denied reports that a Find My iPhone vulnerability was used to obtain the information via brute-force password attacks.

While the software tool possibly used to obtain the leaked celebrity photos and videos was not created with any cooperation from Apple, Zdziarski believes the company should make it more difficult to obtain such access.

The Russian company’s tool, as Zdziarski describes it, doesn’t depend on any “backdoor” agreement with Apple and instead required Elcomsoft to fully reverse engineer Apple’s protocol for communicating between iCloud and its iOS devices. But Zdziarski argues that Apple could still have done more to make that reverse engineering more difficult or impossible.

The FBI is currently investigating the situation, and we’ll keep you posted as we hear more.

Chris Hauk

Chris is a Senior Editor at Mactrast. He lives somewhere in the deep Southern part of America, and yes, he has to pump in both sunshine and the Internet.