Cloud security laid bare
By now you’ll have heard all about the leaked nude photos of actress Jennifer Lawrence, along with several of her famous peers. The scandal has sparked an online debate about revenge porn, birthed the hashtag #ImNotLooking, and even prompted some to question whether this invasion of Lawrence’s privacy should be considered a sex crime. “I can only imagine the creepy effort that went into this,” tweeted actress Mary Elizabeth Winstead, another hack victim.
But how did it happen in the first place?
One popular explanation circulating the web this week is a weakness in iCloud’s security that enabled hackers to carry out ‘brute force’ attacks (a simplistic approach which involves trying numerous passwords in succession until one works) and gain access to several public figures’ Photo Streams. “We take user privacy very seriously and are actively investigating this report,” says Apple spokesperson Nat Kerris.
Rich Mogull, CEO of security company Securosis, says it is “very possible” that there is a connection between the celebrity photo leaks and a post on code-sharing forum GitHub which claimed to have found a vulnerability in Apple’s ‘Find My iPhone’ function. However, Mogull believes a more likely explanation is that hackers simply targeted specific accounts and breached them individually: “I would be shocked [if] Apple itself was hacked.”
If you’re suddenly paranoid about the safety of your iPhone’s content in the wake of recent events, Mashable’s Samantha Murphy Kelly advises disabling the Photo Stream. This will prevent your iPhone from automatically uploading pictures to the cloud when you take them, and keep them limited to just the one device. If you still want to keep using iCloud to back up your files, then it is worth putting some serious thought into your password.
There is an argument to be made that it is in the best interests of the consumer to encrypt their own content, sensitive or otherwise. But in this case, Nathaniel Mott at Pando Daily argues that blame falls squarely on the shared shoulders of the hackers and Apple. “Preventing brute force attacks is one of the most basic security features,” he says. “It’s right up there with ‘require a password’ on the great checklist detailing how not to ruin the lives of consumers who trust your product to keep things private. Apple has fixed the problem now, but for the celebrities affected by this leak it’s already too little, too late.”