(Newswire.net — September 3, 2014) — In a newly-released update on its investigation into the celebrity photo hacking scandal, Apple said Tuesday that its engineers believe the incident did not occur through a breach in Apple’s systems, including iCloud. Apple also says that “Find my iPhone” service was not involved in the photo thefts.
There had been some speculation that this service was at fault, as someone had recently discovered and published a flaw in it that allowed a malicious party to continually guess passwords without any recourse.
Apple appeared to have patched the issue shortly thereafter, and its statement implies that the Find my iPhone flaw was not used here. That said, Apple’s statement also does not make it perfectly clear that this flaw was not put to use. Apple did not immediately respond to a request for clarification on the matter, but company’s representative said that the investigation takes time.
“When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source,” the company said in a statement.
“After more than 40 hours of internal investigation,” statement said, “we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.”
“None of the cases we have investigated has resulted from any breach in any of Apple’s systems,” the statement said.
iCloud was immediately pointed out as a potential source of the stolen photos, particularly by anonymous commenters on the 4chan board who claimed to have some knowledge of their theft. At the very least, it was a reasonable guess: most of the photos are reported to have been taken on iPhones, and photos are often automatically backed up into Apple’s cloud. This may still be part of the reason that these photos were available to be stolen, as iPhone owners may not always realize that their pictures are being backed up.
Apple says that it is continuing to work with law enforcement to help identify the criminals responsible for the attack.
The FBI announced Monday that it was looking into the hacking incident, saying in a statement that the bureau is “aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter.
It’ll be important for Apple to keep its customers comfortable with using iCloud, particularly because of some upcoming services it’s said to have planned for the very near future.
Apple is reported to be just a week away from announcing a mobile payments service, which would store credit cards, and a health-tracking wearable — both of which will require significant security.