Credit: Kris Connor/WireImage/Getty Images
The conservative blogosphere is aflame with another suspected leak of Hunter Biden’s personal information, this time the “iPhone From Hell”.
The leak went viral on 4chan, where a user claimed to have hacked into Hunter’s iCloud backup and then used a tool that allows users to restore files from Apple’s cloud backup site. The files are now being dissected by 4chan in what appears to be another leak of a vast amount of personal information from President Joe Biden’s son. In 2020, Hunter Biden left a laptop at a Delaware repair shop, the contents of which were taken by the shopkeeper and shared with conservative media.
“The iPhone contains voice messages, videos, voice recordings, pictures, etc. of Joe,” the anonymous user wrote on 4chan. “There are two folders in this ZIP, one for an iPad and the other for an iPhone backup.”
Motherboard has not been able to independently verify the files or their provenance, although a number of photos of Hunter Biden, which do not appear anywhere else on the web, have been posted to 4chan.
The post includes several screenshots showing the interface of a tool called iPhone Backup Extractor, which, according to the tool’s official website, allows for the recovery of “lost iPhone messages, photos, calendars, contacts, notes, locations, and data from iPhone backups and iCloud.” .”
Given these screenshots, it’s plausible that this 4Chan user or someone else figured out Hunter’s iCloud account and then hacked into it, perhaps by guessing the password.
At this point, they could have used iPhone Backup Extractor to explore the contents of Hunter’s iPhone and iPad and downloaded the data that they found interesting. In a video showing how the tool works, the company says a user can simply enter iCloud credentials into the software to then browse and restore files from the cloud backup.
This new Hunter scandal comes almost two years after the New York Post claimed to have received a copy of a Hunter laptop from a Delaware repair shop. Conservatives tried – and failed – to use the laptop’s contents to torpedo Joe Biden’s presidential campaign. The alleged dates included emails between Hunter and his father, as well as photos of him allegedly doing crack and having sex.
This wouldn’t be the first time hackers have used software to access data on an iPhone to obtain sensitive personal information. In 2014, hackers accessed the highly personal images of dozens of celebrities including Jennifer Lawrence, Kate Upton and Kirsten Dunst, in part using a forensic tool designed for police officers and law enforcement to obtain data from suspected criminals’ iPhones. that was called Elcomsoft Phone Password Breaker or EPPB. As Wired reported at the time, “EPPB allows anyone to impersonate a victim’s iPhone and download their full backup, rather than the more limited data accessible on iCloud.com.”
This apparent hack-and-leak shows that using iCloud backups can increase the attack surface for high-profile hacking targets. On the one hand, it’s true that storing your iPhone’s data in Apple’s cloud can provide a way for hackers to get your data that wouldn’t otherwise be there. And it’s a way that’s theoretically easier to exploit than aiming straight at your iPhone (where data is encrypted by default) or trying to get the phone’s backup, which is only stored on a hard drive or computer.
Privacy experts have warned that data on iCloud can be easily preloaded since it is not encrypted; Data on an iPhone is more difficult to extract, although it is possible if law enforcement has physical access to the device and is using a tool like a GrayKey.
The reality is that most people prefer to turn on automatic backups in iCloud instead of thinking about plugging in their iPhones and using iTunes for local backups because it’s more convenient. If you use a strong password and two-factor authentication, it becomes relatively difficult to hack into your iCloud account.
“If you’re worried about subpoenas then iCloud is risky, but for everyone else I guess a strong password and Apple’s [two step verification] is a strong solution,” Ryan Stortz, a cybersecurity researcher with experience in iPhone security, told Motherboard in an online chat.
The White House declined to comment, referring Motherboard to Hunter Biden’s representatives.
Motherboard has sent a request for comment to the email address allegedly belonging to Hunter that is included in the 4chan screenshots. The owner of the address did not reply.
Hunter’s legal representative, Christopher Clar, did not immediately respond to a request for comment.
UPDATE July 11, 3:43 p.m. ET: After this story was published, NBC News correspondent Tom Winter reported that US intelligence said it was aware of claims that Hunter’s iCloud was hacked and “is unable to comment publicly on possible investigative actions.”
Subscribe to our podcast CYBER. Subscribe to our new Twitch channel.