iCloud Photo Thefts Put Apple, Cloud Data Storage in Cross Hairs

 
 
By Don Reisinger  |  Posted 2014-09-03 Email Print this article Print
 
 
 
 
 
 
 
 

Apple is performing damage control on one of the most embarrassing data breaches in recent memory. The personal iCloud accounts of a number of prominent movie stars and entertainers have been hacked, allowing the attackers to post nude photos of Hollywood actresses on the Web and attempting to generate revenue from the photos, at least some of which are purportedly authentic. While the images were initially posted to 4chan, an image-sharing forum, they have gone viral, reaching at least for a time a wide range of social sites like Reddit and Twitter. In a statement on the thefts, Apple said, "Certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions." However, the company denied that the thefts "resulted from any breach in any of Apple's systems, including iCloud or Find my iPhone." In any event, the thefts call into question the security and privacy of all cloud data storage systems in a world where such hacks have become all too common. This slide show looks at what we know about the data thefts and what Apple, iCloud users and all cloud data storage services need to do to safeguard customer privacy.

 
 
 
  • iCloud Photo Thefts Put Apple, Cloud Data Storage in Cross Hairs

    by Don Reisinger
    1 - iCloud Photo Thefts Put Apple, Cloud Data Storage in Cross Hairs
  • It Started With iCloud

    This hack came about because some household-name celebrities apparently uploaded private images and personal information from a variety of computing devices to Apple's iCloud service. The hacker or perhaps a group of hackers launched targeted attacks against these celebrities' personal accounts to gain access to whatever was stored in the iCloud accounts.
    2 - It Started With iCloud
  • Security Analysts Blame the Lack of Two-Factor Authentication

    Some security experts said iCloud customers are vulnerable to attack because of the lack of two-factor authentication on the accounts. With that feature in place, the hacker would have been forced not only to enter the correct password, but would also need to have a second form of identification to get access to user accounts. That didn't happen with the celebrities' accounts because they ostensibly did not take advantage of Apple's two-factor authentication option. Hopefully, in the future, more people will use Apple's two-factor authentication services, or Apple itself will start to require it.
    3 - Security Analysts Blame the Lack of Two-Factor Authentication
  • Purloined Images Circulated Widely on the Web

    Not surprisingly, the images that were initially posted to 4Chan started widely circulating on the Web very quickly. The photos, some of which are reportedly real and others fake, were shared on Twitter, Facebook, Reddit and other sites. While many of the sites have removed the images, they're still floating around the Web and likely will continue to do so indefinitely.
    4 - Purloined Images Circulated Widely on the Web
  • Apple Claims iCloud Itself Isn't to Blame for the Data Leaks

    While security experts and pundits have been quick to blame Apple's security flaws for the hack, the company claims that iCloud's infrastructure isn't at fault. In a statement late on Sept. 2, Apple said that the hack was "a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet." Even so, the company could expect to face some backlash from security experts who contend Apple should have done more to prevent the data thefts.
    5 - Apple Claims iCloud Itself Isn't to Blame for the Data Leaks
  • Was iBrute the Culprit?

    A tool called iBrute might have been used in the attack, according to some security experts. However, the tool, which carries out a so-called "brute-force" attack that uses an endless string of password guesses to break into users' accounts and files, was marginalized by early September when the tool's author said Apple closed the vulnerability that allowed it to work. It's likely, though, that the attacks were going on for a long period and iBrute could have been used before it was neutralized.
    6 - Was iBrute the Culprit?
  • Security Experts Say to Limit Password Guesses

    One of the big issues with Apple's iCloud is that it allows for an unlimited number of password guesses. So, an automated tool like iBrute could be used to carry out an attack that inputs countless guesses until the password is finally cracked. It hasn't been confirmed that this was the tactic used, but considering Apple's password system doesn't time-out after multiple password entries, it gave the hacker an unlimited number of chances to break the password security.
    7 - Security Experts Say to Limit Password Guesses
  • This Isn't Just Apple's Problem

    Let's not forget that Apple is not the only cloud storage service that's at risk these days. While its iCloud was the apparent target this time, countless companies have had to deal with network and database attacks that resulted in data breaches. Some of these breaches have resulted in the leak of celebrities' private images. Apple just happens to be the latest victim in a long line of attacks.
    8 - This Isn't Just Apple's Problem
  • Apple Says It Will Fix the Problem

    To its credit, Apple said it is moving swiftly to address the security issue. The company has said that it has looked into how this happened and will take every measure to ensure it doesn't happen again. The big question on everyone's mind, however, is whether Apple actually has the ability to stop hackers from accessing iCloud. Like every other company out there, Apple is discovering that safeguarding customer data is a serious challenge.
    9 - Apple Says It Will Fix the Problem
  • Analysts Say This Won't Hurt iPhone Sales

    Apple is planning to hold a product introduction on Sept. 9 when it is expected to unveil the iPhone 6. Some pundits suggested that the hacks would negatively affect iPhone sales, as customers would see iCloud as a security risk and decide against buying the company's device. However, several Apple analysts chimed in on the issue, saying that it won't hurt iPhone sales whatsoever, and Apple will have yet another banner year for smartphone sales.
    10 - Analysts Say This Won't Hurt iPhone Sales
  • This Didn't Just Happen Overnight

    When, exactly, did the hack occur? Although the pieces are being put together, it's believed that the hacker was able to access the accounts over a period of time. The attacker may have been stealing the images from targeted accounts for at least several weeks. Only after all that data was stolen did the hacker actually move to release the images and threaten to share even more.
    11 - This Didn't Just Happen Overnight
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel