Written by Philip Magson
Hacking stories abound in the media, covering very unfortunate incidents such as the theft of user data from eBay’s databases, or of user details from Orange France’s databases. In recent weeks, however, a series of stories has emerged covering the detailed and successful hacking of a number of celebrities’ personal images and content from Apple’s iCloud service. This has given people all over the world cause for concern, but how concerned should we be about iCloud, really?
By way of some background data, there are hundreds of millions of people around the world with iCloud accounts, who rely on the service to store and back up everything from photos to ebooks to music files, purchase apps, albums and films, and share content across devices and with their friends, families and colleagues. A few members of the Shack team own iOS devices, as do many of our clients, partners and suppliers. iCloud offers great convenience, a handy automatic backup of a device, and relatively easy recovery if the device has to be replaced.
Photos have been the focus of attention, specifically very private photos that celebrities and their boyfriends and girlfriends have taken and shared with them, and which have been stored in backup files in iCloud.
What’s particularly interesting about this episode is that Apple’s investigations suggest the successful hacking wasn’t due to a security breach. Rather, it was due to a sophisticated hacking approach that saw the hackers target user names, passwords and security questions. It is believed this was made possible – in part – by the abundance of information available on celebrities through profiles, media interviews and internet information.
For example, a common security question is “What is your mother’s maiden name?”, which for celebrities is probably common public knowledge. A film star might have let slip the name of their first pet (another common security question) during a TV interview, and of course dates of birth, cities they were born in, schools they went to and virtually every single other personal detail might well be available on the web.
It’s understood the hackers were able to use this very information to hijack accounts, then recover backup files to their devices and in doing so steal a full copy of the data stored in the backup.
Had the celebrities activated two-step verification on their iCloud accounts, none of this would have been possible and no doubt everyone affected, and millions of others, will be doing so, if they haven’t done so already.
What Does It Mean for the Rest of Us?
Happily, few of us attract the sort of public scrutiny that celebrities do, so hackers are probably not going to be hugely interested in photos of our most recent meal out, a day at the park or whatever we happen to have chosen to record. However, this doesn’t mean our data is any less vulnerable – some hackers ransom data, some might be vexatious and some might be interested in company emails or documents we have stored, so proactive protection is what we should all practise.
If you’re an iCloud user, activating two-step verification is in our view a must, and you can do so here: http://support.apple.com/kb/ht5570
Doubtless you will have many passwords for the various services you use and our clear advice is to use a different one for each service. Make them complex, and ensure you change them regularly, and you will be far ahead of the pack and your data will be all the more secure for it.
Unfortunately, nobody can totally protect themselves from hacking, but we can all take simple steps that vastly reduce our chances of being a victim.
If your organisation needs help managing data or device security, we’re here to help – give us a call or drop us an email and we’ll be on the case before you can say two-factor-verification!