Celebrities In The Cloud: Don’t Make The Same Mistake J. Law Did


The FBI is currently investigating the recent flood of hacked celebrity photos, but the most likely scenario for how the security breach was accomplished has the culprits working out the stars’ passwords, one at a time. Lately, it seems like there’s a new hacking incident in the news just about every other day. Last year, it was Target. Now, it’s Home Depot. And for the next few days at least we’re going to be seeing something about Jennifer Lawrence’s nude pics every time we turn on our computers. What are we to take from this? Target and Home Depot weren’t storing their information in the cloud. But, if the cloud is essentially third-party web storage, then doesn’t vulnerability in the web signal vulnerability in the cloud?

iBrute, iCloud, and Find My iPhone

The Target and Home Depot cases show that even if your information isn’t in the cloud, as long as it’s connected to the internet it’s potentially susceptible to hacking. Unfortunately, all these breaches contribute to a perception that any file not stored on your own devices is somehow at greater risk. In the case of the latest celebrity hackings, though, the real lesson has less to do with the vulnerability of cloud drives than it does with the personal complacency of users. Most of the stolen images were retrieved from Apple’s iCloud, but Apple insists there was no breach in the system. Instead, the hackers got access by guessing passwords, user names, and the answers to security questions. In other words, the bad guys probably used old-fashioned spying techniques, like stalking Facebook or Twitter pages, not advanced technical skills.

The hackers may, however, have used one piece of technology called iBrute. Apple offers a backup and recovery service for iPhone users called Find My iPhone, which duplicates everything you save on your phone in case you lose it somehow. (It apparently even keeps files after you’ve deleted them.) iBrute lets hackers sign in to their targets’ Find My iPhone files by trying different combinations of letters and numbers until it finds a working password. In response to this latest incident, Apple has already built in a limit on how many password attempts a user can make, so iBrute is pretty much obsolete. But that’s probably little consolation to the hacked celebrities. (Most other cloud services have had password attempt limits in place for some time.)
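To make the idea of a password attempt limit concrete, here is a small sketch of one (an added example, not Apple's code or anything from the original article). The class name, the thresholds of 5 failures in 15 minutes with a 30-minute lockout, and the sample account are all assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

class AttemptLimiter:
    """Per-account cap on failed sign-ins inside a sliding time window."""
    def __init__(self, max_failures=5, window_s=900, lockout_s=1800,
                 clock=time.monotonic):
        self.max_failures, self.window_s = max_failures, window_s
        self.lockout_s, self.clock = lockout_s, clock
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> when the lockout ends

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:            # lockout expired: start fresh
            del self._locked_until[account]
            self._failures[account].clear()
            return False
        return True

    def check_login(self, account, password, verify):
        """Return 'locked', 'ok' or 'denied'; verify() is the real check."""
        if self.is_locked(account):
            return "locked"                  # password is not evaluated at all
        if verify(account, password):
            self._failures[account].clear()
            return "ok"
        now, recent = self.clock(), self._failures[account]
        recent.append(now)
        while now - recent[0] > self.window_s:   # forget failures outside window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout_s
        return "denied"

def demo():
    # Constructed data: one account whose real password is the 8th guess tried.
    acct, pw = "user@example.com", "constructed-Passw0rd"
    verify = lambda a, p: (a, p) == (acct, pw)   # stand-in for a hash check
    now = [0.0]                                  # fake clock so the demo is instant
    limiter = AttemptLimiter(clock=lambda: now[0])
    results = []
    for guess in [f"guess{i}" for i in range(7)] + [pw]:
        now[0] += 1.0
        results.append(limiter.check_login(acct, guess, verify))
    now[0] += 1800                               # lockout elapses; owner signs in
    results.append(limiter.check_login(acct, pw, verify))
    return results
```

The limit is counted per account rather than per computer because the guessing described above goes after one account at a time; in the demo the correct password arrives during the lockout and is refused without being checked.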

Password Managers and 2-Factor Authentication

Aside from Apple being way behind the curve in limiting password attempts, then, the biggest security problems were more practical than technical. This means there are things we can all do to keep our information safe from this type of theft. Perhaps the most obvious thing to do is avoid using publicly available information for passwords and security questions. You may not be a celebrity who gets interviewed on TV all the time, but it’s probably not that hard for someone to find tidbits like your mother’s maiden name on Facebook. Also, there’s no rule that says you have to tell the truth with your answers to security questions—try coming up with a lie so outrageous you can’t forget it. (First pet’s name: Four score and seven years ago…—and now I have to change mine.)

Most security consultants recommend services called Password Managers. (Lifehacker recommends Dashlane.) The idea is that you sign in to one site and it creates and remembers unique and complex passwords for all the other services you use, like cloud storage sites. Another important step to take is to go into your cloud service options and set up 2-Factor Authentication. This tells the service to remember your devices, and any time you try to sign in from an unrecognized device it sends a random passcode to your phone that you’ll have to type in to gain access. So you have to have physical possession of one of your devices to sign in to another one. For obvious reasons, this makes hacking your files much more difficult. Enterprise cloud services like OneDrive for Business and Office 365 actually make it easy for administrators to require all the company’s users to go through 2-Factor Authentication to access corporate files.

The whole point of the cloud is to provide convenient storage, and providers are working every day to make their datacenters as secure as possible. But we still have to take some responsibility for keeping our own information safe. If a burglar gets into your house, even though you locked the door, because you forgot to lock the window, that doesn’t mean the home builder is to blame. This doesn’t excuse the hackers and thieves of course, but it does mean we have to recognize the price of many of our new conveniences is that we have to take a little extra time and do our own part to keep them secure.

This article was syndicated from Business 2 Community: Celebrities In The Cloud: Don’t Make The Same Mistake J. Law Did
