What Jennifer Lawrence Photo Leaks Can Teach You About the “Not So Secure” Cloud
(Image from: imdb.com)
By now, you have probably heard of the recent photo leaks of over a hundred celebrities that were purportedly obtained from backups in the cloud. Many speculations surfaced and most were putting blame on iCloud. However, with deeper analysis done by a few netizens, it seems that not all of the celebrities seen on the leaked photos were using an iPhone in taking their selfies. So, this means that Google Drive, Dropbox, or any other cloud service could been used and could have also experienced security breach.
Still, this isn’t the first time that Apple was blamed for security breach. In 2011, a man in Florida hacked the accounts of Scarlett Johannson, Mila Kunis, Cristina Aguilera, and other celebrities by guessing their passwords or recovering them using publicly available personal information. The hacker set up forwarding addresses of these celebrities’ e-mail accounts to an account that he controls. Then, he answered security confirmation e-mails to take control of their devices. The hacker was apprehended and was sentenced 10 years in prison. Nevertheless, damage has been done.
A popular but strange theory regarding the photo leaks is that the large group of celebrities who attended the Emmy Awards were supposedly hacked using the venue’s Wi-Fi. The possibility of this happening with a Wi-Fi in the venue is explained here.
According to Trend Micro’s global VP of security research, Rik Ferguson, weak passwords, answers to security questions that can be obtained publicly, and not using the two-factor authentication method may have led to the most recent security breach if iCloud is found to be the source of the leaked photos. He details how the hack could have happened here.
On the other hand, The Next Web has another theory. They say, “a Python script emerged on GitHub (which we’re not linking to as there is evidence a fix by Apple is not fully rolled out) that appears to have allowed malicious users to ‘brute force’ a target account’s password on Apple’s iCloud, thanks to a vulnerability in the Find My iPhone service. Brute-force attacks consist of using a malicious script to repeatedly guess passwords in an attempt to discover the correct one.”
(Image from: imgur.com)
Apple has patched the hole since. After five failed attempts, Apple will now automatically lock the account.
(Image from: TheNextWeb.com)
In regard with the recent leak, UK comedian Ricky Gervais summed it up in a controversial tweet. But Gervais immediately took down the tweet after getting immense criticism.
(Image from: mirror.co.uk)
While Jennifer Lawrence is not at fault that she got hacked as she’s the victim, she and the rest of us should be more vigilant in using the cloud. This recent event shows that no matter what service you’re using, whether iCloud, Dropbox, Google Drive, or any other cloud service, it can be susceptible to security breach.
The basic thing you start with is to have a strong password. Use long and complicated passwords with a combination of numbers and letters. However, this can backfire on you as you might easily forget it or you might need to write it down on a piece of paper, which others can get access to.
Another thing you can do is to use the two-factor authentication. Along with a password, a security pin is sent to your device via text message or a randomizing app can produce the security pin on your connected device in a two-factor authentication method. Thus, someone who wants to get access to your account will need to steal your device as well. This may be a bit inconvenient but for an extra layer of protection, it might be worth doing. Most cloud services like iCloud, Google Drive, and Dropbox supports this method.
Most cloud services have automatic backup turned on by default. You need to turn it off on your own in case you don’t want it to automatically backup on the cloud. Yet, an automatic backup has an advantage too. Check out our story on the thief selfie or thiefie here. To learn how to turn off automatic backup in the cloud for services such as iCloud, Google Drive, and Dropbox, read this.
Or you can follow Gervais’ deleted tweet, where you never put your “racy” photos in the cloud or on any device.
What Jennifer Lawrence Photo Leaks Can Teach You About the “Not So Secure” Cloud
