Naked Celebrity Hack – How 4Chan Accessed iCloud For the ‘Fappening’
The nude celebrity photo and video hack now known as “The Fappening” was instigated, according to public claims by a hacker in the 4Chan group. This naked celebrity hack was done by accessing the iCloud accounts of several popular, mostly A-list, celebrities such as Jennifer Lawrence and Kaley Cuoco.
The media that was stolen by 4Chan includes nude, semi-nude and perhaps sexual material saved on the celebrities’ smart phones and uploaded to Apple’s iCloud backup service. The compromise for the naked celebrity hack was actually through that backup service, investigators now know.
Several exploits are believed to be likely culprits for the naked celebrity hack by 4Chan. Weak links in the iCloud service have been known for some time, including a simple brute force exploit that can allow a persistent hacker to gain access to an account, as detailed on Github. The exploit has since been repaired, but it’s one possibility.
So far, security experts have said that the 4Chan naked celebrity hack used a “chain” linking accounts, which allowed access to other accounts once access to one was complete. Simply put, the hacker could access one celebrity’s iCloud account and use the address book stored there to find other celebs to target, moving on to access their account.
The EXIF data, which is embedded in digital photos taken with most devices, gives details about the photo, including location, date, and device ID. Using this information, the security think tank InfoSec Taylor Swift (a Twitter account combining the security group’s name and their favorite country music singer) analyzed several of the leaked photos. Most of the photos, it appears, did not come from the celebrity’s phone but instead from related phones, such as that of boyfriends, BFFs, etc. In the case of Kate Upton, for example, it was her boyfriend’s phone that originally took the photos that were leaked, InfoSec says.
Although Apple says, and others have confirmed, that iCloud data is encrypted both in transit and while in storage, this does not necessarily mean it’s protected against theft. If your device (i.e. your account) can access your data, then anyone with your account login can access it as well. This precludes the likelihood that it was an inside job at Apple, as some have suggested, but does not change the lack of security.
A likely scenario for the naked celebrity hack, suggests Dan Kaminsky, chief scientist at Whiteops.com, is that someone hacked a hacker to get the naked celebrity photos.
@aeliasen @mindcrash my personal thinking is that someone hacked desktops, and someone else hacked the hacker. No evidence though.
— Dan Kaminsky (@dakami) September 1, 2014
In other words, instead of accessing the celebrity accounts directly to get the naked photos, the 4Chan hacker instead found another hacker who’d accessed them (likely unknowingly) and got into them from there. This is a common practice in the black hat world of hacks, where one hacker piggybacks on the success of another to find data that is useful to them.
This theory is more likely as hackers often “spy” on junior or up-and-coming hackers in order to steal their access. In this scenario, we can imagine that a junior hacker somewhere happened to find an exploit for the iCloud and used it to gain access to a few accounts. Another hacker, watching this, used the information to gain access to the accounts of celebrities or used the accounts accessed by the first hacker to find what 4Chan was looking for. Once the data was gleaned, the naked celebrity Fappening began as the photos found were released.
While security experts are still looking into how the naked celebrity hack worked and where it originated, it’s likely that the mystery will only be solved when the perpetrator is located.
[Photo from Boogie2988 in #leakforjlaw solidarity.]