iBrute force: Is this how Apple iPhone hackers leaked nude photos of Jennifer Lawrence and Kate Upton?

Yesterday a thread appeared on notoriously NSFW forum site 4chan, promising to post nude photos of actresses Jennifer Lawrence, Kate Upton and Ariana Grande in return for Bitcoin donations.

 

Publicists for Lawrence and Upton confirmed the pictures were real (although Grande’s insisted they were “completely fake”). But how did the hacker get access to their photos?

 

Experts pointed to a glitch, known as “iBrute”,  in Apple’s iCloud software, which means it was vulnerable to “bruteforce” hacks, allowing hackers to try out (potentially) thousands of passwords, rather than being locked out after a few tries.

 

Is it a coincidence the flaw was only discovered just two days ago, and detailed on coding website Github?

https://twitter.com/hackappcom/status/506383498333007872

 

But there’s also a risk the fix might not be completely effective in all regions (Nancy Dell’Olio watch out):

 

https://twitter.com/hackappcom/status/506407916702670848

 

And according to a supposed “master-list” doing the rounds online, Lawrence, Upton and Grande aren’t the only ones targeted. The full list includes Avril Lavigne, Amber Heard and Cara Delevigne as well. Presumably the photos will be leaked over the next few days.

 

 

If that list is real, even using iBrute it would have taken weeks – months, even – to gather pictures of all those celebrities. So it may be that the hackers exploited a different weakness in iCloud, discovered at some point in the past. In which case: celebrity iPhone users, beware.