Recently, the Internet hype factory exploded with the news that a number of female celebrities had been hacked; with the contents (most notably photographs) being pilfered from their iCloud backups.
Of course, the photos that are getting the attention of everyone are NSFW (not safe for work), and the FBI is getting involved. Fingers are being pointed at Apple for lax security practices on iCloud accounts.
Apple is pointing fingers at peoples’ lax personal security policies, such as simple passwords and security questions with answers that can be easily researched online.
The blame game can be played, but at the end of the day, we all have a part in this blame.
Let’s talk about iCloud for a moment. Apple’s part of the blame is a vulnerability in the Find My iPhone service, where failed login attempts weren’t blocked after a certain number of incorrect answers. The hackers used a brute-force attack, which consists of the hacker entering different combinations of characters in passwords until the correct one is found. Had the Find My iPhone service been using protection against brute-force attacks, this breach of private data could not have been accomplished.
Apple quickly reacted after the attack and patched this problem, but I reckon this incident has bruised their ego (and stock price) — and right before the new iPhone launch event.
While Apple does hold some of the blame, user passwords and security questions are definitely a subject for discussion. While I don’t know how secure these people tried to be, I do know that many peoples’ passwords can be darn simple. Security questions about your birthday, what high school you attended, or your father’s middle name, can be easily identified thanks to the wonder of social media and Google. We provide a lot of information to the world, both knowingly and unknowingly, and this data can be mined relatively easily.
Using secure complex passwords, having custom security questions, and implementing two-factor authentication whenever possible are paramount in preventing this type of hack.
Now that we’ve addressed the lax security policies, let’s zoom out and take a look at what is really the major issue: personal privacy. One huge issue here is the violation of these peoples’ privacy by these hackers. This is definitely something that deserves attention, and prosecution for the guilty parties.
But the only reason this hack is seeing this amount of attention is because the victims are famous. It stands to reason that anyone could have been compromised like this. Amateur hackers can easily attain incriminating photos, videos, texts and more. Imagine what types of hacks are possible by professional hackers. It’s safe to assume that our government is able to get anything it wants should the need arise.
In our modern technological society, our expectation of privacy is nearly gone. We have become tethered to the Internet in such a way that we are doing all the heavy lifting. We are documenting our own lives, simultaneously giving others the means to monitor us. If you don’t want someone to see you, don’t take a picture. If you don’t think anyone can see it, you’re wrong. Don’t be surprised when your secrets are revealed if it is you who has been whispering them.