Monday, September 1, 2014

Naked celebrity hack: Security experts focus on iCloud backup theory

After intensive examination of file data leaked by one or more hackers, suspicion grows that iCloud backups were source of pictures – though precise method of attack still unclear.

Security experts are warning that there could be many more compromised celebrity iCloud accounts after examining file data from pictures stolen from stars including Jennifer Lawrence and Kate Upton.

One theory gaining ground is that many of the pictures had been accumulated by one hacker over a period of time - and were then “popped” by another hacker who somehow broke into a machine belonging to the first. Lending weight to that was that one of the earliest photos found in a cache released online dated to December 2011, while the most recent was from 14 August.

Some have also pointed to the presence of a Dropbox tutorial file in one hacked account as suggesting that the third-party cloud storage service was a source of some pictures.

But the posting to Github of an exploit against Apple’s Find My iPhone service three days before, which could use a “brute-force” attack to work out a password, points to the existence of weak links in Apple’s service that could have been exploited once a hacker had the email address of a celebrity or their manager.

The previous hack looks to have been done by “chaining” between accounts: On gaining access to one person’s account, the hacker could access their address book and use that to attack others’.

InfoSec Taylor Swift, a Twitter account that began as a parody combination of the pop singer and security thinking, began a serious examination of EXIF data attached to some of the photos scattered online. EXIF data can give further detail about a photograph, such as when it was taken, with what device, and where.

“Swift” put the EXIF data - though not the images - from the alleged Kate Upton pictures onto the code-pasting site Pastebin - and found that they appeared to have come from her boyfriend, not Upton herself.

Apple has still issued no statement on how many accounts on its iCloud service were broken into.

But it has come in for strong criticism over the lack of protection against “brute-force” attacks that would yield a password. “If the celebs’ iCloud account passwords were brute forced, the problem seems to be lack of rate limiting by Apple, not lack of crypto,” commented Christopher Soghoian, principal technologist at the American Civil Liberties Union.

“Once Apple’s privacy and PR teams respond to the celeb iCloud fiasco, I hope Apple donates several million dollars to usable security research… Blame the tech companies for delivering products with crappy default security settings, not the non-expert users whose accounts are hacked.”

Some have suggested that the source of some of the photos could even be staff with the ability to access iCloud backups. However Apple says in its support documents that iCloud backups - including photographs - are encrypted: “This means that your data is protected from unauthorised access both while it is being transmitted to your devices and when it is stored in the cloud.”

Dan Kaminsky, chief scientist at whiteops.com, said on Twitter that “my personal thinking is that someone [originally] hacked desktops, and someone else hacked the hacker” - adding “if it isn’t iCloud, which apparently there’s some reason to believe.”

There is general confusion though about the implications of the hack. Swift warned that “_This is just the beginning._ Folders of images with thumbnails visible have been revealed, many celebs yet to be impacted who will.”
