Most of the headlines generated by the hackers who broke into the Apple iCloud accounts of 101 celebrities have revolved around the trove of naked photos they found stored in people’s iPhone backups.
Basically, author Sean Gallagher bought two pieces of commercially available software that the iCloud hackers are thought to have used: Elcomsoft’s iOS Forensic Toolkit (EIFT) and Elcomsoft Phone Password Breaker (EPPB). He then spent some time trying to hack his way into the phones of various family members.
What Gallagher found ought to terrify anyone who either doesn’t understand how iCloud works, or who hasn’t activated all the security features of iCloud (which is to say, a huge portion of all iCloud users).
Once you have hacked into an iCloud account, the Elcomsoft tools let you download a full backup of the account owner’s phone. You basically get complete access to everything on their phone. The Ars Technica report confirms an earlier one we covered noting that hackers probably now have copies of Kate Upton’s entire phone.
Worse, you get access to all the stuff that used to be on the phone but that the user thought was deleted. That confirms an earlier post on Business Insider explaining that celebs probably did not think they were storing naked selfies on their phones or in iCloud, because they mistakenly believed the photos had been deleted.
Here is what he found on the iCloud backups he hacked:
- Phone call history
- Text messages
- Voicemail message data (numbers and times) “dating back to the phone’s original purchase. So much for deleting call history.”
- Addresses for email and texts, plus phone numbers and Facebook contacts.
- All the email and Twitter accounts ever held by the phone’s owner. “Some details synced over from accounts closed before the target phone was purchased.” (Emphasis added.)
- Every Wi-Fi hotspot the phone has ever connected to.
- Long-deleted photos. (This may explain why so many celebrities had nudes in their iCloud — they believed they had deleted them but iCloud keeps a copy.)
- Addresses searched for in Apple Maps.
What happens is that the Elcomsoft package lets hackers get a virtually complete copy of the user’s phone in addition to a virtually complete copy of all the material Apple uses to back up and restore the phone — which means a ton of data and media that might have been “deleted” by the user but was in fact being held for backup/restore purposes, just in case.
The material then lets those same hackers stalk their targets in real time, Gallagher says:
“Even creepier, the iCloud access also gives the attacker the ability to stalk the victim in real-time by using the Find My iPhone feature. If the phone is turned on and Find My iPhone was configured, the attacker can use the feature just as the owner would (of course, odds are that it’s on the owner’s person). We were able to identify the location of family members in this way as soon as the target phone was turned on.”
This would imply that anyone who believes their iCloud has been hacked ought to ditch the phone and all their iCloud accounts, and start over with a new device and a new set of accounts.