A major security breach in Apple’s iCloud network occurred this week, leaking nude photographs and private information from a number of celebrities. One detail about this case that has been largely overlooked by the mainstream media is the fact that this security breach was made possible by police software that was hijacked by hackers.
According to Wired, hackers openly discussed using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups.
These details were revealed on the web forum Anon-IB, one of the primary sites that is used for hosting hacked material of this nature. The software is created by a company called Elcomsoft, and it is made specifically for law enforcement and government agents.
The software allows hackers to impersonate someone’s iPhone when accessing the iCloud network, where they can then download a backup of the person’s data.
Many experts have said that this security breach would not have been possible without this software.
“You don’t get the same level of access by logging into someone’s [web] account as you can by emulating a phone that’s doing a restore from an iCloud backup. If we didn’t have this law enforcement tool, we might not have the leaks we had,” Jonathan Zdziarski, a forensics consultant and security researcher, said.
“What this demonstrates is that even without explicit back-doors, law enforcement has powerful tools that might not always stay inside law enforcement. You have to ask if you trust law enforcement. But even if you do trust law enforcement, you have to ask whether other people will get access to these tools, and how they’ll use them,” he added.
This leak sheds light on how easy it is for police technology to get hijacked by anyone who wants to do the research. Additionally, it would have been possible for Apple to program a safeguard against these kinds of security weaknesses, but federal law is now requiring companies to leave back doors in their products, so law enforcement can access your private information at any time. This in itself is a major violation of privacy, but now it is certain that police are not the only people with access to these back doors.
Password-breaking software has a harder time cracking more complicated passwords, so using non-letter characters in your password can help to protect the security of your device.
Ryan, an iPhone technician from Illinois, explained that “As long as people use weak passwords for anything, they will be victims. For example, if your password was ‘QFGF4hbA4YZj’ (12 characters randomly generated) it would take the cops or hackers 25,000 years for this software to ‘hack’ your iCloud account on an average computer. Whereas simply adding a symbol like a dollar sign increases the time up to 26,000,000 years. Unfortunately, most people use human readable passwords, with a couple numbers on occasion. These can be cracked within days, or even faster with a dictionary attack. Hacking sure isn’t what it used to be. This iCloud hacking would actually be considered cracking. Cracking requires no skill, just a program designed to keep trying passwords until it finds the correct one and a computer.”
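To put rough numbers on the gap between a randomly generated password and a word followed by a few digits, here is an added example that is not from the article or anyone quoted in it. The guess rate, the wordlist and the dictionary size are assumptions, so the absolute figures depend entirely on them; the point is the ratio between the two search spaces.

```python
import string

# Assumptions for illustration only; the article gives no guess rate or wordlist.
GUESSES_PER_SECOND = 1e9             # assumed offline guessing speed
ASSUMED_DICTIONARY_SIZE = 1_000_000  # assumed size of a cracking wordlist
SAMPLE_WORDLIST = {"password", "dragon", "summer", "monkey"}  # constructed sample
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Alphabet an exhaustive search must cover, inferred from the classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def brute_force_guesses(password):
    """Worst-case guesses when every position can be any character in the alphabet."""
    return charset_size(password) ** len(password)


def dictionary_guesses(password):
    """Worst-case guesses for 'word + up to 4 digits', or None if it doesn't fit."""
    stem = password.rstrip(string.digits)
    n_digits = len(password) - len(stem)
    if stem.lower() in SAMPLE_WORDLIST and n_digits <= 4:
        # Every dictionary word is tried with every digit suffix of length 0..n.
        return ASSUMED_DICTIONARY_SIZE * sum(10 ** k for k in range(n_digits + 1))
    return None


def worst_case_years(password, rate=GUESSES_PER_SECOND):
    """Years to exhaust the dictionary pattern if it fits, else the full keyspace."""
    guesses = dictionary_guesses(password) or brute_force_guesses(password)
    return guesses / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("QFGF4hbA4YZj", "QFGF4hbA4YZj$", "summer14"):
        print(f"{pw!r:16} alphabet={charset_size(pw):3} "
              f"years={worst_case_years(pw):.3g}")
```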
John Vibes is an author, researcher and investigative journalist who takes a special interest in the counter culture and the drug war. In addition to his writing and activist work he is also the owner of a successful music promotion company. In 2013, he became one of the organizers of the Free Your Mind Conference, which features top caliber speakers and whistle-blowers from all over the world. You can contact him and stay connected to his work at his Facebook page. You can find his 65 chapter Book entitled “Alchemy of the Timeless Renaissance” at bookpatch.com.