#CyberSecurity Jennifer Lawrence Nude Photos Leak: Why iCloud Security May Not be the Reason Behind Breach


On Sunday, in an apparent hacking leak of Apple's iCloud service, huge numbers of accounts were reportedly compromised and this was followed by leaks of nude photos of several celebrities, including Oscar winner Jennifer Lawrence.

It is possible however that the actual hack did not take place against iCloud, but rather, another website from where login credentials were obtained and then tried on sites like iCloud. With most services using an email ID as your username today, hackers don't even have to try and guess at your identity in most cases, and the same credentials can often work across multiple sites.

Su Gim Goh, Security Advisor Asia for F-Secure (which was recently in the news after it published a reportabout Xiaomi handsets sending users' data to China without seeking permission), was in Delhi on Monday to discuss F-Secure's biannual threat report, tells NDTV Gadgets that at this early stage, he doesn't think the hack took place at iCloud at all.

"Security issues aren't the problem of just one manufacturer," Goh says, "but actual malware on iOS is still pretty limited. Obviously, we don't recommend jailbreaking your phone," he adds, and indeed, the malware that F-Secure has found for iOS so far has been only for jailbroken devices. "[for iCloud] I don't know right now what happened, but the hackers could have actually gotten the usernames and passwords from any other site," Goh says. "And then they could have run a program to keep trying usernames and passwords against iCloud to find the ones that work."

If this is correct, then the leakers wouldn't have had to bypass Apple's security at all to get access to years' worth of backups of people. From there, it would only be a question of identifying the accounts of famous people, and then sorting for the pictures to leak.

Among the celebrities whose pictures allegedly were stolen and posted online were Avril Lavigne, Amber Heard, Gabrielle Union, Hayden Pannettiere and Hope Solo, according to Mashable. Media reports said among the other starlets targeted were Hillary Duff, Jenny McCarthy, Kaley Cuoco, Kate Upton, Kate Bosworth, Keke Palmer and Kim Kardashian.

"The problem is that most people don't change their passwords, and they use the same password on different sites," he adds. "And there's actually an interesting chicken and egg issue here, which is that the longer and more complex a password is, the less likely users are to change it."

When asked what people should do to protect their own data in such situations, Goh says that the more steps that are required to access your data, the better - such as enabling 2-step verification. Another step that Goh recommends is using a password manager. "A lot of people say it doesn't really help," says Goh, "but if it makes it even a little more complex for people to get your password then it's worth doing. There are a lot of different applications available now, we have also launched on called F-secure Key [Android |iOS]. How many passwords can you remember? Every site needs a password now - you need one just to read the news."

And this means that when you use the same password in a site with low security - Goh pointed out that sometimes, due to sloppy code, this information might even be passed "clear", that is, without any encryption - then even a service with high security becomes vulnerable, in the absence of secondary measures like two-factor authentication.

Source http://gadgets.ndtv.com/internet/news/jennifer-lawrence-nude-photos-leak-why-icloud-security-may-not-be-the-reason-behind-breach-585118

Comments

Popular posts from this blog

How a cyber attack hampered Hong Kong protesters

‘Not Hospital, Al-Shifa is Hamas Hideout & HQ in Gaza’: Israel Releases ‘Terrorists’ Confessions’ | Exclusive

Islam Has Massacred Over 669+ Million Non-Muslims Since 622AD