Last week, the Internet hype factory exploded with the news that a number of female celebrities had been hacked; with the contents (most notably photographs) being pilfered from their iCloud backups. Of course, the photos that are getting the attention of everyone are NSFW (Not Safe For Work) and the FBI is even getting involved. Fingers are being pointed at Apple for lax security practices on iCloud accounts. Apple is pointing fingers at peoples’ lax personal security policies, like simple passwords and security questions whose answers that can be easily researched online. The blame game can be played, but at the end of the day, we all have a part in this blame.
Let’s talk about iCloud for a moment: Apple’s part of the blame is a vulnerability in the “Find My iPhone” service where failed login attempts weren’t blocked after a certain number of incorrect answers. The hackers used a brute-force attack, which consists of attempting different characters in passwords until the correct one is found. Had the Find My iPhone service been using protection against brute-force attacks, this breach of private data could not have been accomplished. Apple quickly reacted after the attack and patched this, but I reckon this incident has bruised their ego (and stock price) right before the new iPhone launch event.
While Apple does hold some of the blame, user passwords and security questions are definitely a subject for discussion. While I don’t know how secure these people tried to be, I do know that many peoples’ passwords can be darn simple. Security questions like your birthday, what high school you attended, or your father’s middle name, can be easily identified thanks to the wonder of social media and Google. We provide a lot of information to the world, both knowingly and unknowingly, and this data can be mined relatively easily. Using secure complex passwords, having custom security questions, and implementing two-factor authentication whenever possible are paramount in doing as much as you can to prevent this type of hack.
Now that we’ve addressed the lax security policies, let’s zoom out and take a look at what really is the issue: personal privacy. One huge issue here is the violation of these peoples’ privacy by these hackers. This is definitely something that deserves attention and potential prosecution for those guilty parties. But the only reason this hack is seeing this amount of attention is because the victims of the hack are famous. It stands to reason that anyone could have been compromised like this. Amateur hackers can easily attain incriminating photos, videos, texts, and more. Imagine what types of hacks are possible by professional hackers? It is safe to assume that our government is able to get anything they need should the need arise.
In our modern technological society, our expectation of privacy is nearly gone. We have become tethered to the Internet in such a way that we are doing all the heavy lifting. We are documenting our own lives, simultaneously giving others the means to monitor us. If you don’t want someone to see you, don’t take a picture. If you don’t think someone can’t see it, you’re wrong. Don’t be surprised when your secrets are revealed if it is you that has been whispering them.
