Celebrities are getting hacked off with iCloud. Last month, more than 100 high profile celebrities had their phones hacked and intimate pictures posted online. With a selection of these celebrities claiming the photos had already been deleted and therefore, couldn’t have been stolen, how did these hackers gain access, and what threat does this pose to our data?
At the moment, nobody is quite sure how these photos were obtained, however, it has been widely reported that Apple’s iCloud storage is to blame. If activated, iCloud automatically stores data such as photos, video, contact, etc., in the cloud allowing users to sync their data across various Apple devices. Research suggests that iCloud uses a robust 128-bit encryption both upon delivery and during delivery of files – which makes it very difficult, and somewhat unlikely, for hackers to intercept anything that’s in transit to Apple’s servers.
However, the lack of definitive evidence has led to security experts suggesting several alternative hacking methods such as cybercriminal phishing emails. It could’ve also been possible that someone with internal access to the photos, such as an iCloud employee, privately stored them and then subsequently was hacked themselves by an opportunist thief. Additional speculations were reported that a hacker simply guessed the password using an apparent flaw in Apple’s “Find My iPhone” service, where users can continuously input password attempts without being locked out – a tactic known as a “brute force” attack.
Does this call for a rethink into what we store in the cloud?
Storing data both on and off the cloud will always pose some level of risk and given that we aren’t sure how these photos fell in the wrong hands, it’s important for both businesses and consumers to know what data and content is being stored in the cloud, and what security is in place to keep that information private.
It is also worth checking your own device to see exactly what is being uploaded automatically. As many cloud settings offer an opt-out rather than opt-in setup, check that your data isn’t automatically being synced. It is far better to sync manually to give you better control over what you’re uploading. Additionally, make sure that you check your iCloud account frequently, not just your device so that you know exactly what is being stored there and what has been deleted.
Finally, it may seem obvious but many people fall victim to poor password choice. It is recommended that users use a strong, complex and frequently changed password that is not reused across other accounts.
There is no doubt that recent events have had an impact on the public’s awareness of, and trust in, cloud services. Cloud providers need to make sure they are clearly communicating the security measures that they have in place, providing advice to users on best practice and developing robust plans for dealing with the communications fallout that can be caused by any issues. At a personal level, if you have pictures, messages and videos that were for your eyes only, make sure you check your cloud settings to avoid your personal data becoming front page news.