• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Digital ID
  • EPPB tool copies usable to download victims’ data from iCloud backups

EPPB tool copies usable to download victims’ data from iCloud backups

Pierluigi Paganini September 07, 2014

Copies of the Elcomsoft EPPB tool are circulating in the underground and could have been used in the recent leak of celebrity photos.

Recently naked pictures of celebrities have been leaked online, but security experts were particularly interested to the news because they speculate that the images have been stolen from the Apple iCloud service.

The case is not isolated, security experts are aware of numerous attacks against online storage services, including the popular iCloud, Google Drive and DropBox.

In the underground is quite easy to find forums where hackers sell images stolen from unaware Apple iCloud accounts, threat actors use to compromise cloud storage services using software designed with the specific intent to gather pictures online from poorly protected accounts.

Some of the nude celebrity images have first been circulated on Anon-IB, the most popular anonymous image boards for posting stolen nude selfies. As explained in a blog post published by Wired, through the forum are offered many applications for iCloud “ripping,” or downloading the entire contents of an account.

“Ripping right now! Send email with Apple ID and Password and I will have it ripping ASAP. Will keep everything private!” report one posting on Anon-IB.

One of the software most debated is Elcomsoft Phone Password Breaker (EPPB ) which allows an attacker to download data from iCloud backups. As explained by the Elcomsoft CEO Vladimir Katalov, the software is a forensic tool sold to government agencies for legitimate uses, but the company doesn’t exclude that copies has been offered for sale in the underground.

A few hours after the data leakage, on the GitHub online repository was published a Python script that could be used to “brute force” an Apple iCloud account’s password, exploiting the vulnerability in the Find My iPhone service. An attacker could use the script to repeatedly guess passwords in an attempt to discover the right one. Combining the use of the tool with the EPPB application anyone can impersonate an iCloud user and download its full backup, and this is probably what has happened in the case of the celebrities naked pictures.

eppb download-type-screen 2

EPPB doesn’t exploit flaws in Apple services, the use of such tools once the account Apple ID and password have been compromised allows attacker to access data stored in the backup. The EPPB allows to analyze all the data related to an Apple device, including text messages, pictures, email attachments, call logs, address books, calendars, email account settings and much more.

“All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID…accompanied with the corresponding password,” the company’s website reads. “Data can be accessed without the consent of knowledge of the device owner, making Elcomsoft Phone Password Breaker an ideal solution for law enforcement and intelligence organizations.” states Wired.

A hacker who knows the victim’s Apple credentials could recover the data, set up a new device and restore it with the targeted account’s iCloud data.

“If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages.” states Wired.

EPPB can download specific pieces of data from the backup, allowing law enforcement officials to select only information of interest and reducing the time necessary for data extraction.

If the hackers behind the leaking of the naked celebrity pictures have used a tool like the EPPB, it is likely they had access to much more data like SMSs and address books which could allow them to conduct further targeted attacks.

Apple users are advised, enabling two-factor authentication they can ensure further protection to the accounts.

Pierluigi Paganini

(Security Affairs – EPPB software, iCloud)


facebook linkedin twitter

Apple brute force celebrities data leakage EPPB Find My iPhone forensic tool Hacking iCloud two-factor authentication

you might also like

Pierluigi Paganini July 11, 2025
Athlete or Hacker? Russian basketball player accused in U.S. ransomware case
Read more
Pierluigi Paganini July 10, 2025
UK NCA arrested four people over M&S, Co-op cyberattacks
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 13, 2025

    McDonald’s job app exposes data of 64 Million applicants

    Hacking / July 12, 2025

    Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

    Cyber Crime / July 11, 2025

    U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

    Hacking / July 11, 2025

    UK NCA arrested four people over M&S, Co-op cyberattacks

    Cyber Crime / July 10, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT