Celebrity Photo Hack Has Raised Security Fears for iCloud Users

Has the leak of high-profile celebrities’ private photos made you think twice about what you store online?

What happened?

100 celebrities got hacked, which led to some of them having nude photos leaked. Jennifer Lawrence, Winona Ryder and Kirsten Dunst were just some of the celebrities that had pictures stolen and then posted on a message board on 4chan. Some of the photos were confirmed as real by the celebrities, but some claimed the pictures were faked.

At the time of writing, it’s not yet clear just how such a large number of celebrities got hacked in just one go. Initial reports have suggested Apple’s iCloud was the culprit, as iPhones will automatically sync images to the cloud as part of a backup, and some of the users might not have been aware of this. A security researcher has revealed a way of breaking into iPhone accounts that uses a script to guess the password and will not trigger the automatic lockdown if the password is typed in wrong too many times.

In some of the naked selfies that were taken by celebrities, the phone used could be identified as Android and not an iPhone, which suggests the leak was not limited to just iCloud. The developers behind the iPhone password hack only made the details of the process available the day before the photos got leaked, which left little time to hack so many people. Security experts Rik Ferguson and Trend Micro have suggested the celebrities were victims of a phishing attack instead.

The victims of the hack and people following the story may never get the full answer to how it happened, but the FBI and Apple have both said they will investigate it. Since the hack, Apple has added new security features to its iCloud services, called two-step verification, to try to stop this in the future. Twitter has suspended several accounts that were posting the stolen nude images; however, this did not stop the images from spreading across the web.

How will it affect you?

Don’t try to find or share these photos, as Lawrence has said she will take legal action against anyone that posts the images online. Other celebrities may also follow suit.

You might want to consider whether your own photos (naked or otherwise) are being stored securely. You should make sure your phone is protected with a password or PIN. Typing a PIN in every time you want to use your phone might be annoying, but if you lose it or it gets stolen you will be glad you took the time to make it secure. When using websites or online services you should always have a complicated password. It might be hard to remember, but you can get password managers like 1Password or LastPass to help you.

If the hack was through iCloud, many of the victims might not even realise their photos have been stolen, as they might not know Apple uploads them to its online storage service automatically. You should turn off automated backups if you have sensitive photos you don’t want leaked.

On iOS:

  • Go to iCloud
  • Settings and then disable Photo Stream

On Android:

  • Open the Photos app
  • Tap Settings
  • Auto-Backup and un-tick ‘Back up local folders’

What do I think?

We are all smart with the benefit of hindsight, but I bet most of the celebrities that got hacked will be kicking themselves for being stupid enough to take photos they would not want anyone else to see and then not protect them properly. I bet most of us don’t always take the necessary precautions when it comes to online services. How many of us can say we have a strong and unique password for every site or service we use? Hackers may not be hell-bent on finding naked photos of us (we don’t all have Lawrence’s figure), but we are all targets, whether it’s for our email logins, eBay account or bank details. We should not blame the victims; instead we should reprimand the hackers and criticise the poor or bad security systems. When iCloud or any other big online service gets hacked, it is rarely held responsible; instead we blame the victims for using weak passwords.

I think tech companies could do a lot more to protect their users. Hopefully, this invasive and upsetting hack will be enough to make people think twice about what password they use and how important it is to have secure communications and storage. Hopefully tech companies will understand they need to take better care of their customers. We can all hope, right?

Java Security Issues

What happened?

Security researchers across the world have said web users are still at risk from flaws in Oracle’s Java, a software platform used across websites, despite the company issuing a patch to fix it.

The patch is meant to reduce vulnerabilities that were leaving people at risk of identity theft and credit card fraud. Adam Gowdiak, a researcher with Poland’s Security Explorations who has discovered several bugs in Java over the past 12 months, said: “We don’t dare tell users that it’s safe to enable Java again.”

Java is so widely used that the software has become a prime target for hackers. Last year, Java surpassed Adobe’s Reader software as the most frequently attacked piece of software, according to security software maker Kaspersky. A week before Oracle issued the patch, the US Department of Homeland Security advised people to disable Java. Bitdefender also advised people not to use it.

How will it affect you?

If you are committed to using Java, make sure you have updated it to the newly patched version. Being on the latest version won’t eliminate every risk, but it will ensure you are covered for existing threats, and it reduces the chance of being hit by others.

Turning off Java is easy. In Chrome, type chrome://plugins in the address bar. Scroll down to the Java section and click ‘Disable’. You can easily turn it back on again by following the same process.

In Firefox, go to Tools, Add-ons, and Plugins and click ‘Disable’. Turning Java off in IE is more difficult, but you can easily remove it in Windows by going to the Control Panel and removing the software entirely.
Once you have done this, your browser will tell you when a site requires Java, giving you the option of turning it on if you trust the site.

What do I think?

All companies are hit by security holes – it’s impossible to keep bugs out of software, as there are as many, if not more, hackers looking for new ways to attack than there are security researchers looking to keep us safe.

We can’t blindly depend on web firms to keep us safe. We need to learn how to take defensive measures on our own. In this case, it’s relatively easy, and a good lesson. By turning off features and plug-ins you don’t use, you’ll leave fewer holes for attackers to sneak through and jeopardise your security.

However, it’s high time that the worst offenders – Oracle with Java, Adobe with PDF software, and Microsoft with Windows, Office and IE – improved their game and did more to protect us. When security is such an issue that government agencies are advising users to ditch software, it’s time to admit there is a problem.

Security experts say Oracle is as much as two years behind in patching serious holes in its software. The company needs to invest in improving its software or it could risk losing users.

Don’t wait for Oracle to catch up: disable Java now. You will cope without it.
