How those nude photos were leaked (and why you should care)
A number of celebrities were targeted this week in an attack that exposed nude photos stored in their iCloud accounts. Here's what we know, and what it means about your own cloud security.
How were the celebrities' accounts hacked?
According to the latest reports and information released by Apple, celebrities whose iCloud photos were leaked fell victim as a result of targeted attacks. Meaning, the people who hacked into the accounts likely knew the e-mail addresses associated with the accounts, and/or were able to answer security questions that granted the hackers access to the accounts.
It's still unclear how the hackers knew the answers to the security questions and obtained the usernames for the accounts.
What about that security hole?
Until recently, it was thought that hackers gained access to the accounts through a security hole which allowed them to conduct brute-force attacks. With a brute-force attack, hackers use a script that automatically tried many different username and password combinations in rapid succession until the correct combination is guessed.
Apple patched this hole Tuesday morning and confirmed that this was not the method used by the hackers to log into the celebrities' accounts.
I still don't understand. They're celebrities.
Contrary to popular belief, most celebrities use technology the same way every other not-famous person does. Apple, Google, and other major players don't necessarily give them access to special security features. If there were any other security-bolstering features available, we'd hope these companies would distribute them to all users, not just the privileged.
That being said, since celebrities have the same security tools we do, we're technically all equally vulnerable. But, since their faces grace the covers of magazines and theater screens, they end up being targeted more often.
Even still, celebrities don't always take advantage of security protocol that is available. For example, based on the information currently available, these celebrities could have been protected against the attacks if they were using two-step verification.
Cloud backup services like iCloud and Google's Instant Upload are often enabled by default, so it's possible that the photos were being uploaded to the iCloud account without the celebrities' being aware.
For example, iCloud's Photostream service automatically uploads photos you take on your iDevice and stores them in iCloud for 30 days. With Photostream uploading enabled, those photos can be accessed from any device, no matter where you are in the world, using your iCloud credentials.
Should I be worried?
Even though you're not Brad Pitt or Cameron Diaz, it's a good time to review your own iCloud security. Photos aren't the only items stored in iCloud -- contacts, your iOS device's location, and notes may also be stored there.
1. Enable two-step verification. Now.The greatest defense against brute-force and targeted attacks is still two-step verification. Although it doesn't guarantee against issues like security holes, it's our greatest shield against targeted hacking, where a hacker is able to obtain your username, or answers to your personal security questions.
When two-step is enabled, the person signing received a text message with a code, which is then entered before logging in.
Follow these steps to set up two-step verification for your Apple ID.
2. Disable any services you don't actually useIf the data doesn't exist in the first place, there's no reason to hack it. Do you even need Photostream or other iCloud services like contact-syncing? If not, disable these services. To do so, go to Settings > iCloud on your iOS device and disable the unnecessary services. Then, sign into iCloud.com and delete any previously-uploaded Photostreams.
3. Do the same thing for other Web servicesWhile you're at it, consider repeating the same steps for other cloud services, including Dropbox, auto-backup on Android, or even Flickr. The more you minimize data automatically uploaded into the cloud, the greater control you'll have over your private information.
This is a developing story. Please check back for updates.
Post a Comment for "How those nude photos were leaked (and why you should care)"