While Apple Lossless Audio CODEC (ALAC), has refused to blame his service iCloud for leaked naked celebrity photos last week, Wired reports that the attackers used a commercial tool to back up iClud accounts.
The author of the article Andy Greenberg has spent a lot of time investigationsτας ένα forum (το Anon-IB) σχετικά με τις τεχνικές που χρησιμοποιούν οι hackers για να αποκτήσουν πρόσβαση σε προσωπικές photos. Ένα τέτοιο εργαλείο είναι η εφαρμογή της Elcomsoft Phone Password Breaker (EPPB). Η Elcomsoft αναφέρει για το software of being "an ideal solution for law enforcement and intelligence agencies," but it seems to be very popular among the ranks of hackers trying to steal other people's data. While attackers would still need to obtain account information through other methods, the EPPB application advertises a password bypass access feature using an authentication token from a synchronized PC system or Mac.
The technique is not new.
There are several hypotheses about the technique used by the hackers. Of course, the technique is known only to the person who used it, and perhaps the research that will be carried out by Apple technicians and the authorities that have undertaken the clarification of the case will show it. We may never know, as Apple avoids such announcements. We usually learn the vulnerabilities that allowed a breach from the attackers themselves, not from her company.
In this attack, however, the hacker or hackers have preferred to keep their mouth closed.