Community
By now you’ve heard that Jennifer Lawrence’s (and other celebs’) cellphone nude pictures were leaked out, but how in the heck did the hacker pull this off? Tech experts believe it was through the “Find My iPhone” app.
Someone anonymously posted nude photos of Jennifer Lawrence and Kate Upton to the 4Chan site, and the stars confirmed the photos were of them.
It’s possible that the hacker/s discovered a vulnerability in the Find My iPhone service. This app helps people locate missing phones via cloud. hackers use a “brute force” program to protect hack accounts. These programs make repeated guesses at random passwords for a particular username until a hit is made.
So it’s possible hackers used “iBrute” to get celebs’ passwords, and hence, the photos in their iCloud accounts.
This is only a theory, as most hacking occurs in a more straightforward manner such as:
a person receiving a phishing email and responding with their password
someone’s personal computer gets hacked and spyware is installed
a laptop with all kinds of data is stolen
the wrong person finding a lost cellphone.
Also, evidence suggests that some of the leaked photos came from devices (like Android) that won’t back up to the iCloud.
Apple is investigating the leaks, and apparently put out a security upgrade Sept. 1, to prevent a brute force service from getting passwords via Find My iPhone.
You yourself are at risk of this breach if brute force indeed was used, as long as the problem hasn’t been fixed. If someone has your username, this tactic can be used.
If you want 100 percent protection, stay off the Internet. (Yeah, right.)
Bullet proof your passwords
Use two-step verification.
Apple’s iCloud asks users two personal questions before allowing access. And let’s face it: We’re all wondering what Jennifer Lawrence was thinking when she decided it was a smart idea to put her nude photos into cyberspace.
Passwords seem to be the common thread in data breaches. But passwords aren’t too valuable to a hacker if they come with two-factor authentication. This is when the user must enter a unique code that only they know, and this code changes with every log-in. This would make it nearly impossible for a hacker to get in.
Go to applied.apple.com and you’ll see a blue box on the right: “Manage Your Apple ID.” Click this, then log in with your Apple ID. To the left is a link: “Passwords and Security.” Click that. Two security questions will come up; answer them so that a new section, “Manage Your Security Settings,” comes up. Click the “Get Started” link below it. Enter phone number and you’ll receive a code via text. If your phone isn’t available, you can set up a recovery key, which is a unique password.
All that being said, two factor will not protect your phones data. Apple is lax in making this happen. What Apples two factor does is protect you when you:
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Hassan Zebdeh Financial Crime Advisor at Eastnets
08 October
Jelle Van Schaick Head of Marketing at Intergiro
07 October
Kuldeep Shrimali Consulting Partner at Tata Consultancy Services
Nikunj Gundaniya Product manager at Digipay.guru
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.