
No One Is Safe: The iCloud Breach Shows How Easy It Is To Access Your 'Private' Life

by John Haltiwanger

The Internet exploded over Labor Day weekend when nude photos of multiple celebrities were leaked online. Last week, a post on the anonymous online message board 4chan claimed that these photos would be released on Sunday, August 31.

Well, the post lived up to its promise, as the photos started to flood in on Sunday evening. The hacker responsible for this "mobile hit job" says that it took several months and coordination from multiple people to pull off. The photos ended up on a number of platforms, including Reddit, Twitter and Tumblr.

Jennifer Lawrence, Kirsten Dunst, Kate Upton, Avril Lavigne and Lea Michele, among others, fell victim to this egregious violation of privacy.

Dunst issued a prompt and apt reply to the leaks via Twitter:

Thank you iCloud — Kirsten Dunst (@kirstendunst) September 1, 2014

Indeed, it seems that a flaw in Apple's iCloud is to blame for the leaks.

Ostensibly, iCloud is a fantastic and convenient service. It allows Apple users to store photos, music, videos and other media online, which can then be accessed from multiple devices via their accounts.

Yet, it appears that another iPhone app, "Find My iPhone," created a vulnerability in the system, which allowed hackers to access people's passwords via iCloud. Find My iPhone uses iCloud to help people locate their misplaced or stolen iPhones.

It's somewhat ironic that while Apple created these services in order to make its customers' lives easier, it may have also left them more exposed.

Recently, a post on the online code-sharing website GitHub claimed that it had discovered a bug in Find My iPhone. Basically, it allowed hackers to keep trying passwords until the right one was found, granting them access to other people's iCloud data. This is a hacking tactic known as "brute force," but Apple typically protects users against such attacks.

Typically, a certain number of failed password attempts will cause an account to lock. Yet, for some reason, Apple failed to provide this protection with the Find My iPhone app. Hackers were able to repeatedly enter passwords until they found the right one.
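
The protection described above only works if it sits behind every endpoint that accepts a password. The sketch below is an added example, not code from the article or from Apple: it compares a service where one endpoint skips the failed-attempt counter with one where all endpoints share it. The endpoint names, the threshold of 5 and the 15-minute lock are assumptions.

```python
import hmac
import time

MAX_FAILURES = 5            # assumed policy, not Apple's actual threshold
LOCKOUT_SECONDS = 15 * 60   # assumed lock duration


class AuthService:
    """One password check and one failure counter shared by every endpoint."""

    def __init__(self, passwords, exempt_endpoints=(), clock=time.monotonic):
        self._passwords = passwords           # constructed demo store; real systems keep salted hashes
        self._exempt = set(exempt_endpoints)  # endpoints that skip the counter: the flaw
        self._clock = clock
        self._failures = {}                   # account -> consecutive failures
        self._locked_until = {}               # account -> time the lock expires

    def login(self, endpoint, account, password):
        counted = endpoint not in self._exempt
        if counted and self._clock() < self._locked_until.get(account, float("-inf")):
            return "locked"                   # the password is not even evaluated
        expected = self._passwords.get(account)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())
        if ok:
            self._failures.pop(account, None)
            return "ok"
        if counted:
            n = self._failures.get(account, 0) + 1
            self._failures[account] = n
            if n >= MAX_FAILURES:             # lock the account, whichever endpoint was used
                self._locked_until[account] = self._clock() + LOCKOUT_SECONDS
                self._failures.pop(account, None)
        return "denied"


def evaluated_guesses(service, endpoint, account, wrong_guesses):
    """Count how many wrong guesses the service actually checked."""
    return sum(service.login(endpoint, account, g) == "denied" for g in wrong_guesses)


# Constructed sample data: one account and 100 wrong passwords.
STORE = {"user@example.com": "correct horse"}
WRONG = [f"guess-{i}" for i in range(100)]

flawed = AuthService(STORE, exempt_endpoints={"device_locator_api"})
fixed = AuthService(STORE)
print(evaluated_guesses(flawed, "device_locator_api", "user@example.com", WRONG))
print(evaluated_guesses(fixed, "device_locator_api", "user@example.com", WRONG))
```

Because the counter is keyed on the account rather than on the endpoint, failures on a secondary API and on the main login add up to the same lock.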

Consequently, the passwords of a number of celebrities were accessed via a brute force service called "iBrute." By accessing celebrity iCloud accounts, these hackers were also able to obtain the nude photos, which were subsequently leaked.

In essence, Apple simply overlooked that the application had this flaw. Accordingly, hackers jumped at the opportunity to seize other people's data.

While it has not been completely confirmed, most experts believe that the nude photos of celebrities, like Jennifer Lawrence, were obtained this way.

According to reports, Apple is actively investigating these issues, and apparently issued a security upgrade on Monday. Yet, there are still reasons to believe that Apple has not completely fixed the problem, so iCloud users may still be vulnerable.

While Apple should certainly address this issue as expeditiously as possible, what's happened here is a reflection of larger and more troubling trends regarding the Internet. Simply put, due to the way that the Internet is structured, our data are far more accessible than we might like to believe or are even aware of.

These types of personal intrusions are precisely what whistleblowers, like Edward Snowden and John Napier Tye, have tried to warn people about.

While Snowden and Tye are very different in terms of the methods they employed to release information about government practices, they both have quite similar messages. In essence, due to the fact that most personal information is now stored online, almost anyone can access it with the right knowledge and tools.

In this case, a group of renegade hackers accessed the personal photos of a group of celebrities. With that said, despite the fact that an individual's data are relatively accessible these days, it is unlikely that most of us are being directly targeted.

As Justin Worland puts it for Time:

If the hackers did indeed use a brute force method on the iCloud and Apple has yet to fix the problem, then, in short, yes it could happen to you. Brute force methods can be applied so long as the hacker has your username. That said, this method does not collect broad amounts of data for a lot of people. Hackers would need a reason to target you specifically.

Worland makes an important point. Simply put, you're likely not very interesting to most of these hackers (you're not famous), so they probably aren't targeting you. This is probably true in terms of government surveillance as well.

Yet, that does not mean that we can't take more precautions in terms of the information we share and store on the web.

Moreover, just because hackers or the government are unlikely to look at our data, it doesn't mean that they have a right to employ such practices.

It's very disconcerting that the government has the power to engage in programs that resemble the activities of hackers. Everyone has the right to privacy; it's granted to all Americans by the 4th Amendment to the United States Constitution.

At present, the FBI is investigating the leak of these nude photos. Yet, while the hackers responsible for this should certainly be brought to justice, perhaps this incident should also prompt a wider public discussion about online data, the government and privacy.

For the time being, there are many methods and tools you can utilize to protect your information. These include, for example, using an encrypted email service.

In the case of Apple, you should definitely consider using two-step verification, which requires answering personal questions in addition to entering a password before an account can be accessed. It's unfortunate that we live in a world where this is necessary, but it's important to be practical.

The Internet is vast and beyond what most of us can even begin to comprehend. Within the last 20 years, it has become an entity in which virtually all human knowledge can be stored.

Accordingly, it is both a gift and a curse, a tool and a weapon. The public must come together and collectively decide how this power can be harnessed for good, rather than for the exploitation of others.