This past weekend hackers broke into celebrity iCloud accounts and gained access to nude photos of over 100 celebrities including Jennifer Lawrence, Kate Upton and Kirsten Dunst. Somewhat incredibly all of these explicit photos appear to have been selfies taken by the celebrities and then, knowingly or not, updated to their Apple iCloud accounts. Who does this? What’s wrong with these people? But, I can’t blame them for this as they had every right to expect proper security from Apple.
There’s a rotten Apple in the iCloud
After the hackers splashed a lot of these photos over less than reputable web sites a big storm cloud began to gather over Apple headquarters in Cupertino, CA. Apple has long taken shots at Microsoft for Windows vulnerability to virus’ and malware while claiming to be immune. That was always a rather dubious claim because most hackers just couldn’t’ be bothered spending resources on Apple Macs when they only had 10% of the market. Who cared?
But, Apple’s iPhone is a totally different kettle of bits ‘n bytes. It’s the most popular smartphone in the world and hackers are very interested in it while being not so interested in the Windows Phone. Hackers are bad guys but they’re not idiots. So, what does Apple think of this iCloud security breach? Here’s what they said:
After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.
Apple has a limit on the number of incorrect passwords an iCloud user can enter before its system locks the account. They’ve declined to specify the exact number of incorrect attempts that would trigger an account lockdown. It’s not that many as I’ve had it happen to me when I was trying to figure out a forgotten password for a friend. We had to go through all kinds of hoops and barrels to get the account reinstated. So, how did these hackers manage to get the celebrity email addresses and passwords?
Hackers may have found a way around the incorrect sign-on number limit |
In looking more into this yesterday I found out that the day before the photo leak, code for an an Apple ID password brute-force, proof-of-concept was uploaded to the code-hosting site GitHub. Some wise-guys then used the code to exploit a vulnerability in the Find My iPhone sign in page that allowed hackers to flood the site with password attempts without being locked out. Most of the top passwords used are absolutely pathetic with the most common being ‘123456’ or simply ‘password’.
I’m thinking anyone dumb enough to take nude photos of themselves and them put them on iCloud is probably dumb enough to use a pathetic password like ‘123456’. A day after the photo hack became public, the same proof of concept attack was tried and it no longer worked suggesting that Apple had acted quickly to plug the leak. Apple won’t comment on that but I’m betting it’s more than likely this or a flaw very similar allowed the hackers to access iCloud right through the front door!
This simple tool would have prevented the hackers from accessing iCloud |
Back in June of this year, I wrote a post about How To Setup Apple’s 2-Step Verification System. It’s simple and it would have prevented these hackers from getting into the celebrity iCloud accounts. Android has a similar 2-Step system. If you don’t have 2-step verification on your smartphone, you might want to check it out. Or, you could simply choose not to take nude selfies, right? I’m talking to you, Paul Dahl – we don’t want to see an image that will haunt us forever!!
Around 20 years ago, I was managing the implementation of the first corporate email system for the City of Victoria. After getting it running for over 1,000 users everyone used it like a gossip toy and was having great fun. Management got quite upset and asked me to come up with a policy to control email use. Huh? I thought it was a dumb idea and about as likely to be successful as trying to tell employees what they could talk about on their phones. But, a policy was demanded.
After considering many different ideas and options, I finally managed to come up with one simple policy to propose:
Do not write anything in an email message that you would not be comfortable seeing on the front page of the Victoria Times Colonist Newspaper.
After submitting my Policy Recommendation on Email to the powers that be I never heard another word about it, Eventually, the novelty of email wore off and it just became another annoying work tool like the phone!
Maybe though, Hollywood celebrities like Jennifer Lawrence, Kate Upton and Kirsten Dunst should consider a “new, fresh, updated” iCloud Policy:
If you must take nude selfies with your smartphones,never publish them on any cloud service unless you are completely comfortable with having those photos circulated over the Internet for all the world to see.
Thanks for visiting!
Không có nhận xét nào:
Đăng nhận xét