Privacy advocates are raising concerns about the safety of using cloud storage services after sexually explicit photos of A-list Hollywood celebrities were reportedly hacked from Apple iCloud. The names include the likes of Jennifer Lawrence, Amber Heard, Kate Upton and Kim Kardashian.
A number of celebrities have confirmed that the leaked photos were authentic, which has prompted by FBI to conduct an investigation. Jennifer Lawrence revealed through her publicist that she will be seeking legal prosecution against the individual who posted her photos originally and anyone who redistributes them.
‘This is a flagrant violation of privacy,’ Lawrence’s publicist Liz Mahoney stated. ‘The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence.’
A day before the photos leaked on the web, ZDNet informed that hackers uploaded a roadmap to the code-hosting website GitHub for would-be hackers to exploit a vulnerability discovered in Find My iPhone protocols.
The vulnerability allowed adversaries to subvert login security features that shut out infiltrators just after a few unsuccessful attempts to login, allowing them to flood the login system with thousands of password tries with the hope of finding success.
Apple has acknowledged the issue and has patched the loophole, but the incident shows how back door vulnerabilities in online storage services can cause leakage of private data.
Owen Williams of TheNextWeb conducted a test showing that Find My iPhone locked him out after five attempts to access his account using the wrong password, indicating that Apple has patched the security loophole after the discovery.
Some security experts believe the attack could have been preventing with two-factor authentication. Apple, Google, Facebook and other major companies offer this feature to its users. But director of security firm FireEye, Darien Kindlund, informs Apple does not do a lot to notify users about this additional security step.
Two-step authentication requires users to enter a second code sent to their phone number in addition to the designated password. Because the users receive a different code every time when logging in, it is much more difficult for cyber criminals to hack accounts secured by two-factor authentication.
“In general Apple has been a little late to the game in offering this kind of protection, and doesn’t advertise it,” Kindlund said in an interview featured on Re/code. “You have to dig through the support articles to find it.”
“It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it,” security analyst Ken Westin said. “Although many cloud providers may encrypt the data communications between the device and the cloud, it does not mean that the image and data is encrypted when the data is at rest. If you can view the image in the cloud service, so can a hacker.”
Reputation of cloud storage sites
Despite the reasons given by security experts and Apple about the hack, the reputation of iCloud has taken a hit and other cloud storage services are likely to be affected as users question their trustworthiness with their private information.
CBS New York reports that more than 300 million people around the world store photos, files, and other data on cloud servers. Also, a lot of corporations use cloud servers to store sensitive information and business-related images.
While corporate images may not carry the similar price tags that those celebrity images do, there are plenty of reasons that companies may want to protect their images and files. And therefore, they may have second thoughts before using cloud services.
So what should cloud storage providers and companies do to protect their reputation and retain their customers?
A good option is to promote how hacks like these happen less frequently and how providers are looking to bump the security for their users to prevent future attacks and leaks. This can be done with the help of an ORM solution company like Massive that approaches the media from a uniquely aggressive angle and solves media issues while actively building positive content assets and promoting the best image of a cloud service provider.
It’s important for cloud companies to take responsibility in the reputation issue – and do whatever they can to assure customers the future is bright when it comes to security.