Several days ago, nude photos of hundreds of female celebrities were leaked online, and many blamed a flaw within Apple’s iCloud. Aside from the moral debate surrounding the images, many people criticized Apple for allowing this kind of breach to occur, taking its silence on the matter as a tacit admission of guilt. Now, however, Apple is fighting back.
The Cupertino company today released a press statement in which it denies that these photos were obtained through a flaw within iCloud’s code. The statement can be read below:
"We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved"
What Apple seems to be suggesting is that the accounts were breached through a process called social engineering. A hacker would spend a large amount of time researching a person, monitoring their public communications, and even contacting them privately, in order to coax them into divulging personal information. The information could then be used to access and change the passwords of different accounts through the use of security questions.
While such an attack would have been very time-consuming (assuming the celebrities in question have reasonably hard security questions), it would not require significant hacking expertise. Furthermore, there is little Apple (or any tech company) can do to counter this sort of attack, aside from urging its customers to choose very hard security questions and not to give away personal information easily.