iCloud vulnerabilities under investigation following celebrity hacks
Tue 2 Sep 2014
Apple has announced that it is looking into reports that security flaws in its cloud services led to the hacking of various celebrity accounts and the subsequent publication of nude photos and videos.
The reports suggested that hackers had been able to exploit iCloud vulnerabilities and access individual celebrity accounts, used to store photos, music and other personal data across their Apple devices.
The celebrity images were leaked onto the image posting site 4Chan by a user calling him or herself a “collector,” rather than a “hacker.” The user has since revealed that more celebrity content is to be posted soon.
Although some celebrities have said that the leaked images are fakes, others have confirmed their authenticity.
“We take user privacy very seriously and are actively investigating this report,” announced Apple spokeswoman Nat Kerris.
A particular bug was discovered in the Find My iPhone application, which tracks a user’s phone in case of theft or loss. The bug, which has now been patched, allowed hackers to enter multiple passwords without being blocked, as is usually the case with other online services.
It is believed that this method is more likely to be the cause of the hacks into individual accounts, as opposed to hackers gaining access through Apple’s system.
“I would be shocked Apple itself was hacked,” said Rich Mogull, chief executive of security research and advisory body Securosis.
Jennifer Lawrence, star of The Hunger Games films, was identified as one of the hack’s main victims. She has requested an immediate investigation of the theft of graphic photographs obtained from her Apple mobile devices.
The celebrity hacks have raised serious concern over the security of cloud.
“It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it,” Ken Westin, security analyst at Tripwire, told the BBC.
“Although many cloud providers may encrypt the data communications between the device and the cloud, it does not mean that the image and data is encrypted when the data is at rest,
“If you can view the image in the cloud service, so can a hacker,” he added.