The major leak of nude celebrity photos last weekend was made possible by software designed to let law enforcement lift data from iPhones with ease. The software is used in tandem with a tool made public recently that can crack Apple iCloud passwords.
According to Wired, hackers talk openly on the anonymous image forum Anon-IB about their use of EPPB, or Elcomsoft Phone Password Breaker, to download data from iCloud storage backups.
EPPB and like programs work to reverse engineer smartphone software to access a device’s data, but only with the aid of iBrute, the password-guessing software for iCloud. The iBrute software, recently released by security research Alexey Troshichev, was made to exploit a flaw in Apple’s ‘Find My iPhone’ feature to lift users’ iCloud passwords, running through numerous attempts to crack the account before eventual success.
Used in tandem with iBrute, “EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com,” Wired reported. This provides far more data for hackers, including videos, application data, contact information, and text messages, according to Jonathan Zdziarski, a forensics consult and security researcher.
Zdziarski analyzed the metadata from the leaked photos and determined that the material came from a downloaded backup, which is consistent with the use of iBrute and EPPB.
“You don’t get the same level of access by logging into someone’s [web] account as you can by emulating a phone that’s doing a restore from an iCloud backup,” said Zdziarski. “If we didn’t have this law enforcement tool, we might not have the leaks we had.”
Yet, one “ripper” on Anon-IB said that downloading files from an iCloud backup using the likes of EPPB isn’t “hacking” if it is done with the use of a supplied username and password – which iBrute can offer.
“Dunno about others but I am too lazy to look for accounts to hack. This way I just provide a service to someone that wants the data off the iCloud. For all I know they own the iCloud,” Anon-IB user cloudprivates told Wired. “I am not hacking anything. I simply copy data from the iCloud using the user name and password that I am given. Software from elcomsoft does this.”
Elcomsoft did not answer Wired’s request for comment. On its website, the company markets the software for exactly the uses desired by rippers.
“All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID…accompanied with the corresponding password,” the company says of EPPB on its website. “Data can be accessed without the consent of knowledge of the device owner, making Elcomsoft Phone Password Breaker an ideal solution for law enforcement and intelligence organizations.”
For his part, iBrute developer Troshichev said Monday that Apple had patched the relevant flaw in the ‘Find My iPhone’ feature. Yet Anon-IB users still discusseded using iBrute with EPPB as of Tuesday.
Apple’s relationship with the likes of Elcomsoft is now in questions, said Zdziarski.
“When you have third parties masquerading as hardware. it really opens up a vulnerability in terms of allowing all of these different companies to continue to interface with your system,” he said. “Apple could take steps to close that off, and I think they should.”