Date
17 December 2017
Oscar-winning actress Jennifer Lawrence was one of the Hollywood celebrities whose intimate pictures were uploaded on image-sharing site 4chan. Photo: Empire Online
Oscar-winning actress Jennifer Lawrence was one of the Hollywood celebrities whose intimate pictures were uploaded on image-sharing site 4chan. Photo: Empire Online

Nude celeb photo leaks point to ‘cloud’ vulnerability

Experts have raised concerns over the security of “cloud” storage sites following a massive leak of intimate pictures of celebrities, BBC News reported.

Nude photos claimed to be those of celebrities, including Oscar-winning actress Jennifer Lawrence and Sports Illustrated model Kate Upton, were uploaded on image-sharing site 4chan over the weekend, and the person or persons behind the leakage said they obtained the pictures via Apple’s iCloud.

Some of the celebrities said the images were fake, while others have confirmed their authenticity.

Apple is said to have fixed the bug, known as “ibrute”, which allows hackers to access an individual’s iCloud data by exploiting a weakness in Apple’s “Find My iPhone” service, Huffington Post reported, citing technology website Engadget.

Apple’s service had no “brute force protection”, meaning anyone who wanted to break into a person’s iCloud could repeatedly enter a large number of passwords without fear of being locked out, Huff Post said, citing internet news site The Next Web.

“It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it,” the BBC quoted Tripwire security analyst Ken Westin as saying.

“Although many cloud providers may encrypt the data communications between the device and the cloud, it does not mean that the image and data are encrypted when the data is at rest. If you can view the image in the cloud service, so can a hacker,” Westin said.

“Almost every service used online requires a password, and to ensure your passwords are secure, they must be complex,” Intel Security’s Raj Samani said.

“Each login should be unique, and be at least between six to eight characters in length using lowercase and uppercase letters as well as numbers and symbols.

“If you use one password across multiple sites, you are putting your personal data at risk — if hackers discover your password, they have easy access to your digital life.”

Also, hackers gain access to accounts by “phishing”, or tricking people into giving up their password, the BBC said.

– Contact us at [email protected]

CG

EJI Weekly Newsletter

Please click here to unsubscribe