Apple Says Stolen Celebrity Pics Not the Result of iCloud ‘Breach’

After a mess of intimate photos of celebrities including Jennifer Lawrence, Kate Upton, Ariana Grande, and others were stolen and posted up on 4chan and other image sharing sites, the smoking gun originally pointed in the direction of Apple’s iCloud service and security system. According to Apple, the company investigated the issue and has determined that the stolen pics were not the result of a breach of Apple’s security systems.

Here’s Apple’s statement:

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.

Unfortunately, part of the confusion over iCloud security and the celebrity photos stems from a security vulnerability that let a hacker use a brute-force password guessing system against an iCloud user name to gain access to an iCloud account. Apple has since patched that hole (the very existence of which was a travesty in the first place — after all, Apple is the most influential consumer tech company in the world).

How to Protect Yourself

Definitely read through Apple’s security page related to your Apple ID. And while you’re not a celebrity, do you really want to trust your private photos to any cloud-based service? Think about it. In a remote attack, it could take someone a lot of time to figure out your password or socially engineer their way into your iCloud account (or any account) and gain access to photos or sensitive information.

The far more likely scenario for a regular person is having some compromising photos from a party accidentally get emailed or tweeted or posted somewhere public. How many times have you looked down at your iPhone and wondered how you managed to fumble your iPhone while carrying stuff around so that random finger and hand touches somehow launched an app you forgot you even had — or ghost called your buddy?

The point is, the security of your personal photos generally isn’t that strong. For most of us, fortunately, the risk is also slim.

Do You Know Exactly Where All Your Photos Are?

Keeping track of your photos when you use iCloud to share them, though, is far harder than it should be. If you asked 20 average iPhone owners if they understand what happens to their photos as they move up to Apple’s iCloud servers when they have Photo Sharing and My Photo Stream turned on, I would be amazed if more than 2 in 20 could describe how their photos are stored, for how long, and what happens when they think they delete a photo from one of their devices.

Then, could these two iCloud- and photo-savvy iPhone users explain it to their family members so they would understand? Maybe.

I think enough people have a hard enough time remembering that when they send a photo via email to a friend, that photo is usually stored indefinitely as an attachment in their sent mailbox, too.

Besides, this is even more complicated. What if a buddy (or lover) snapped a compromising photo on their own phone, which might not even be an iPhone? Where does that photo go? If it’s “deleted” from the phone, is it actually overwritten and gone forever? Or is it recoverable? Can you trust not only your friend’s intent and moral integrity over a period of years . . . but also that friend’s personal security skills?

About the author

Chris Maxcer


I've been writing about the tech industry since the birth of the email newsletter, and I still remember the clacking Mac keyboards from high school -- Apple's seed-planting strategy at work. I'm a big fan of elegant gear and great tech, but there's something to be said for turning it all off -- or most of it -- to go outside. Online I like to call out cool stuff on Wicked Cool Bite and blog with my buddies at Man Makes Fire. To catch me, take a "firstnamelastname" guess at the url of this site.