14 DAY TRIAL // People may have moved on from the hack into celebrity iCloud accounts of last year, but for reality star Kris Jenner, the incident seems to still be part of the present, as she says a hacker is blackmailing her with private videos stolen from her Apple cloud space.
The details are scarce at the moment, and they are likely to remain so at least for a while: they are to be revealed on the 10th season of the reality show Keeping Up with The Kardashians.
Sheriff's department has been alerted
According to TMZ, which learned of the alleged blackmail from an inside source, Kris Jenner has confided to her family that she’s the victim of a hacker who has videos with her naked, captured by surveillance cameras in the house.
It appears that she even filed a criminal complaint with the L.A. County Sheriff’s Department about this.
Last year’s celeb hack, dubbed “The Fappening,” exposed private pictures of a good deal of celebrities on anonymous image boards, and some individuals even created separate websites offering access to the private content stolen from iCloud.
Because of a major security flaw, someone who knew the username of the victim could run a brute-force attack on the iCloud log-in page to learn the corresponding password. Only users with two-factor authentication (2FA) would be protected against this attack.
Software can connect IP cameras to iCloud
Until more details emerge, we cannot but speculate about how the hacker managed to access the private data; and many may think that Jenner’s story sounds a bit strange and is nothing but a stunt to promote her show because the data from the incident had been uploaded from an iDevice.
However, there are applications that can upload video from IP cameras straight into someone’s iCloud storage, which could have been hacked.
The one we found has some limitations, though, and it supports a total of three IP cameras, whose video stream can be automatically uploaded to Apple’s cloud and can be watched from a mobile device.
On the other hand, many users fail to properly secure access to surveillance cameras and maintain the default credentials from the manufacturer, at the same time keeping them reachable from the web.
This would be unlikely in Jenner's case, but a phishing attack tricking a user into providing the log-in details for the administration console of the IP camera is a likely possibility.