Yesterday a thread appeared on notoriously NSFW forum site 4chan, promising to post nude photos of actresses Jennifer Lawrence, Kate Upton and Ariana Grande in return for Bitcoin donations.
Publicists for Lawrence and Upton confirmed the pictures were real (although Grande’s insisted they were “completely fake”). But how did the hacker get access to their photos?
Experts pointed to a glitch, known as “iBrute”, in Apple’s iCloud software, which left it vulnerable to “brute-force” attacks: hackers could try out (potentially) thousands of passwords, rather than being locked out after a few tries.
Is it a coincidence the flaw was discovered just two days ago, and detailed on coding website GitHub?
According to those in the know, the glitch has now been patched by Apple:
The end of fun, Apple have just patched FindMyIphone bug. So ibrute is not applicable any more.— HackApp (@hackappcom) September 1, 2014
But there’s also a risk the fix might not be completely effective in all regions (Nancy Dell’Olio watch out):
And according to a supposed “master-list” doing the rounds online, Lawrence, Upton and Grande aren’t the only ones targeted. The full list includes Avril Lavigne, Amber Heard and Cara Delevingne as well. Presumably the photos will be leaked over the next few days.
If that list is real, even using iBrute it would have taken weeks - months, even - to gather pictures of all those celebrities. So it may be that the hackers exploited a different weakness in iCloud, discovered at some point in the past. In which case: celebrity iPhone users, beware.