Alleged Hunter Biden Leak Shows iCloud Can Be iPhone Security’s Weak Link

The conservative blogosphere is afire with another alleged leak of Hunter Biden’s personal data, this time the "iPhone From Hell."

The leak went viral on 4chan, where a user claimed to have hacked into Hunter’s iCloud backup and then used a tool that allows users to recover files from Apple’s cloud backup site. The files are now being dissected by 4chan in what seems to be another leak of a huge amount of personal data from President Joe Biden's son. In 2020, Hunter Biden left a laptop at a repair shop in Delaware, the contents of which were taken by the store owner and shared with conservative media outlets. 

“Iphone contains voice mails, videos, voice recordings, pictures etc of Joe,” the anonymous user wrote on 4chan. “In this ZIP are two folders, one for an ipad and the other for iphone backup.”

Motherboard has been unable to independently verify the files or where they came from, though a series of photos of Hunter Biden that do not appear elsewhere on the internet have been posted on 4chan.

The post comes with several screenshots that show the interface of a tool called iPhone Backup Extractor, which, according to the tool’s official website, allows for the recovery of “lost iPhone messages, photos, calendars, contacts, notes, locations and data from iPhone backups and iCloud.”

Given these screenshots, it’s plausible that this 4Chan user or someone else figured out Hunter’s iCloud account and then hacked into it, perhaps by guessing the password. 

At that point, they could have used the iPhone Backup Extractor to explore the contents of Hunter’s iPhone and iPad and downloaded the data that they found interesting. In a video that shows how the tool works, the company says that a user can just input the iCloud credentials into the software to then explore and recover files from the cloud backup.  

This new Hunter scandal comes almost two years after the New York Post claimed to have obtained a copy of a laptop belonging to Hunter from a repair shop in Delaware. Conservatives tried—and failed—to use the contents of the laptop to torpedo Joe Biden's presidential campaign. The alleged data contained emails between Hunter and his dad, and photos of him allegedly doing crack and having sex.  

This wouldn’t be the first time hackers used software to access data on an iPhone to get their hands on sensitive personal information. In 2014, hackers accessed the highly personal pictures of dozens of celebrities such as Jennifer Lawrence, Kate Upton, and Kirsten Dunst, in part using a forensic tool that was designed for cops and law enforcement authorities to get data from the iPhones of alleged criminals, which was called Elcomsoft Phone Password Breaker or EPPB. As Wired reported at the time, “EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com.”

This apparent hack-and-leak shows that using iCloud backups can increase the attack surface for high-profile hacking targets.  On one hand, it is true that putting your iPhone’s data on Apple’s cloud can give hackers an avenue to get your data that would otherwise not be there. And it’s an avenue that, in theory, is easier to exploit than targeting your iPhone directly (where data is encrypted by default), or trying to get the phone’s backup that’s only stored on a hard drive or computer. 

Privacy experts have warned that data that on iCloud can be easily subpoenaed because it is not encrypted; data on an iPhone is harder to extract, though it can be done if law enforcement has physical access to the device and uses a tool like a GrayKey.

The reality is that most people will prefer to turn on automatic backups on iCloud rather than remembering to plug in their iPhones and use iTunes to do local backups because it is more convenient. If one uses a strong password and two-factor authentication, it becomes relatively hard to hack into their iCloud account. 

“If you’re worried about subpoenas then iCloud is risky, but for everyone else I think a strong password and Apple’s [two step verification] is a strong solution,” Ryan Stortz, a cybersecurity researcher who has experience with iPhone security, told Motherboard in an online chat. 

The White House declined to comment, referring Motherboard to Hunter Biden’s representatives. 

Motherboard sent a request for comment to the email address allegedly belonging to Hunter that is contained in the 4chan screenshots. The owner of the address did not respond. 

Hunter’s legal representative Christopher Clar did not immediately respond to a request for comment. 

UPDATE, July 11, 3:43 p.m. ET: After this story was published, NBC News correspondent Tom Winter reported that the U.S. Secret Service said it is aware of claims that Hunter’s iCloud was hacked and and “are not in a position to make public comments on potential investigative actions.”

Subscribe to our podcast, CYBER. Subscribe to our new Twitch channel.