Click to Skip Ad
Closing in...

Law enforcement iCloud hacking tool used in Jennifer Lawrence nude photos theft

Published Sep 3rd, 2014 7:40AM EDT
iCloud Nude Celebrities Photos Hack

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Apple on Tuesday confirmed that various celebrities using iPhones have had their iTunes accounts hacked by third parties who managed to steal sensitive information including nude pictures and videos, but revealed that a massive iCloud security issue isn’t to blame. Instead, attackers used other means of associating user names and passwords to get into their targets’ iCloud accounts. Wired has learned more details about the massive hack, revealing that a law enforcement tool may have been used in the attacks.

FROM EARLIER: Claimed hacker behind iCloud nude photos theft says it took ‘months’ of planning to pull off heist

The compromising data theft has been denied by some of the many celebrities affected, although others, including actress Jennifer Lawrence, confirmed that the nude pictures that have been posted online are genuine.

To grab them, as well as videos and other compromising data on a phone, hackers have apparently used a software tool called Elcomsoft Phone Password Breaker (EPPB) to download data from iCloud backups, likely after using a tool to actually guess the password of a certain user, such as the recently revealed iBrute tool that could have been used for brute force attacks on iCloud accounts.

The EPPB program, developed by Russian forensics company Elcomsoft, can be used to break into any iOS device and is mainly destined to reach the hands of law enforcement, but the company doesn’t perform checks on whether a buyer comes from such agencies. Moreover, the software is rather affordable at $399, not to mention that illegal copies can be downloaded from torrent sites by anyone interested in actually using it.

“All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID…accompanied with the corresponding password,” Elcomsoft’s website reads. “Data can be accessed without the consent of knowledge of the device owner, making Elcomsoft Phone Password Breaker an ideal solution for law enforcement and intelligence organizations.”


Once EPPB is used, an attacker can get into a person’s iTunes account, and perform a restore from iCloud backup that would give him or her access to everything on the iPhone, including pictures, videos, notes, contacts and more.

Security researcher Jonathan Zdziarski, who recently questioned some of the security-related practices at Apple when it comes to iOS devices, has analyzed the meta data of the pictures published online, revealing that the photos likely come from a downloaded backup, as obtained with an EPPB-like piece of software.

“You don’t get the same level of access by logging into someone’s [web] account as you can by emulating a phone that’s doing a restore from an iCloud backup,” Zdziarski said. “If we didn’t have this law enforcement tool, we might not have the leaks we had.”

It’s important to note that these law enforcement tools that can be used to retrieve data from an iPhone work regardless of whether Apple consents or not, as they only have to reverse engineer Apple’s protocol for communicating between iCloud and iOS devices to get access, rather than rely on any backdoor in iOS.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.