Fingers Point At Apple In Nude Celebrities Hack

You'll no doubt have heard by now that compromising pictures of several celebrities have been released into the wild, after being leaked onto the 4chan site.

There have been strong rumours that these photos have all been retrieved through Apple's iCloud service, which Apple devices use for automated backup of photos. There's also been a suggestion that Dropbox may have been involved, but most commentators are pointing the finger at Apple at the moment.  

There are two issues that should concern you right now. Firstly, how secure is my iCloud data and secondly, does my Apple ID password allow access to any other services?

It appears that iCloud has an inherent weakness in its authentication model, allowing unlimited failed password attempts against a user ID. This allows a brute force attack to be staged, where a machine is used to rapidly enter combinations of letters and numbers until the right one is found. 

That is something that Apple can easily resolve, but in the meantime you can improve your protection by creating a longer password - the effort required to crack a password is significantly increased the longer your password is. 16 characters should be your target here. Remember that your Apple ID is an open gateway to things like purchases from iTunes and Find My iPhone - either of which could end up costing you serious money. 

If you use your Apple ID password (or a close variation of it) on other services then now is the time to change them. It's unlikely that your account has been breached, but this would be a wise precaution to take. Now that the exploit is widely known, the number attempting to replicate it and the potential targets will widen considerably. 

For those actresses who have been exposed it has been a violation of their privacy and, if the attack method is confirmed, a failure by Apple to live up to its security promise. 

But they will have their fat bank accounts, crowds of hangers-on and fans to ease the embarrassment, if your account is exposed, the pain might not be so easily salved. 

0 comments: