Hackers who stole nude photos of female celebs used software intended for police and spies to parse data from iPhones, reports Wired. "What this demonstrates is that even without explicit backdoors, law enforcement has powerful tools that might not always stay in law enforcement," a forensic tech expert tells the website's Andy Greenberg. The legal software is called Elcomsoft Phone Password Breaker; while it's sold for $399, you don't have to prove you're a cop to buy it, and free bootleg versions are widely available. EPPB seems to be a favorite at AnonIB—a Web forum where hackers parade stolen naked photos, writes Greenberg.
The story explains that hackers may have used EPPB in combination with something called iBrute, a "password-cracking software" said to be linked to a flaw in the "Find My iPhone" feature. Hackers would obtain Apple ID passwords through iBrute, then use EPPB to impersonate a victim's iPhone or iPad and download all of the device's backup files. Apple disputes the idea of a breach in iCloud or Find My iPhone, though it released an update designed to fix the iBrute flaw. At Mashable, Christina Warren shelled out $200 for a copy of EPPB and was able to hack her own iCloud account. Click for her first-person account, or for Greenberg's full story. (Bad news for hackers: Some of the stolen images are child porn.)