The past couple of weeks were filled with news about the nude celebrity photo hack. These celebrities, apparently, have something in common: they all use iPhones and kept the default Camera Roll setting, which automatically backs up their photos to iCloud. Unfortunately, some people managed to hack into their iCloud accounts and published their private pictures on the Internet. The whole Celebgate affair has cast doubt on the security of cloud storage, particularly iCloud.
What exactly fappened?
Before jumping to conclusions and avoiding online backup services altogether, there are a few things worth knowing about the incident.
- It's all about the money. There are communities and trading networks solely dedicated to stealing private data. To show that they mean business, they have clearly divided roles within their organizations, i.e., social media information collectors, password retrievers, and stolen data organizers. And initially, those celebrities' nude pictures were not meant to be published, but to be sold.
- The celebrities are targeted. In its media advisory, Apple announced that the attack was very targeted. One investigation revealed that the photo collection represents months, maybe even years, of work by several hackers.
- iPhones are targeted. As with Windows, the iPhone's popularity makes it an obvious target. It is not easy to find a vulnerability, as it takes a considerable amount of time and effort. Once found, however, a vulnerability in a more popular platform has a bigger payoff than one in a lesser-known platform. In this case, the iPhone's vulnerabilities are: first, automatic online backup of the Camera Roll is turned on by default. And second, Apple's password recovery process does not have a rate limit or strict lockout, making it susceptible to brute-force attack.
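The control the last bullet says was missing, as an added example (not from the original post and not Apple's code): a per-account throttle with a failure window and a lockout that doubles each time it triggers. The class name, thresholds, account name and simulated clock are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

class AttemptLimiter:
    """Per-account throttle for a login or recovery endpoint (hypothetical helper)."""
    def __init__(self, max_failures=5, window=300, base_lockout=60,
                 max_lockout=3600, clock=time.monotonic):
        self.max_failures, self.window, self.clock = max_failures, window, clock
        self.base_lockout, self.max_lockout = base_lockout, max_lockout
        self._failures = defaultdict(deque)  # account -> times of recent failures
        self._locked_until = {}              # account -> time the lockout ends
        self._lockouts = defaultdict(int)    # account -> lockouts so far

    def allowed(self, account):
        """True if a guess for this account may be evaluated right now."""
        return self.clock() >= self._locked_until.get(account, float("-inf"))

    def record_failure(self, account):
        """Count a wrong guess; return the lockout length in seconds (0 if none)."""
        now, recent = self.clock(), self._failures[account]
        recent.append(now)
        while now - recent[0] > self.window:  # forget failures outside the window
            recent.popleft()
        if len(recent) < self.max_failures:
            return 0
        self._lockouts[account] += 1          # each lockout doubles the last one
        duration = min(self.base_lockout * 2 ** (self._lockouts[account] - 1),
                       self.max_lockout)
        self._locked_until[account] = now + duration
        recent.clear()
        return duration

    def record_success(self, account):
        for table in (self._failures, self._locked_until, self._lockouts):
            table.pop(account, None)          # a correct answer clears the history

def guesses_evaluated(attempts, account="victim@example.com"):
    """Constructed scenario: one wrong guess per simulated second; count those checked."""
    tick = [0]                                # simulated clock, in seconds
    limiter = AttemptLimiter(clock=lambda: tick[0])
    checked = 0
    for second in range(attempts):
        tick[0] = second
        if limiter.allowed(account):
            checked += 1
            limiter.record_failure(account)
    return checked

print(guesses_evaluated(3600))  # 30: an hour of guessing gets 30 answers checked
```

Per-account lockout on its own lets anyone lock the real owner out, so deployments usually pair it with per-source throttling and an out-of-band way to unlock the account.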
Cloud storage is popular because it is becoming more affordable and convenient to use. As long as we are connected to the Internet, we can access our data backed up in the cloud anywhere and at any time. However, in light of this debacle, there are a few simple steps that can be taken to increase cloud security while keeping its convenience:
- Don't take nude pictures. Popularity, nudity, and (cloud storage) vulnerability have been proven to be a lethal combination. This is especially true if you are an attractive young lady, like Jennifer Lawrence.
- Turn off photo auto sync. If you do take nude pictures of yourself, please make sure you take this step. I personally find the photo auto sync feature useless, as I publish most of the photos I take.
- Use strong passwords. I admit, creating a strong password is a hassle, let alone a different strong password for each login. However, we can use a password manager to create and store all of our passwords. 1Password and LastPass are both popular options. You can also find other options on the list of password managers, although it is not complete.
- Use two-step verification. As the simplest case of multi-factor authentication, two-step verification requires only one of the three types of authentication factors, usually the possession factor, which adds an extra layer of security on top of the username and password at login. This extra layer usually takes the form of a code generated by a security token, or an SMS sent to a registered mobile phone.
Is there anything I missed? Please share in the comments below.