Posted: 09/02/2014 05:53:34 PM PDT
Updated: 09/02/2014 05:59:47 PM PDT
The unauthorized publication of naked photos of actress Jennifer Lawrence and other celebrities this week -- reportedly from an Apple web service -- raises a disturbing question at a time the tech industry is rushing headlong toward Internet-based storage:
Is your data safe on the cloud?
Apple's iCloud -- one of many competing services which lets people store emails, photos and other personal items on the web -- has been linked by news stories to the pilfered photos, which initially appeared on the image-sharing bulletin board 4chan and then spread across the Internet. Apple insisted Tuesday that its systems were blameless, but experts say the vast trove of information online has become a major lure for cyber crooks and security experts say the theft of celebrity photos is a harbinger of things to come.
'It is a stark reminder of the potential consequences of having sensitive material lying around in the cloud,' said Christopher Boyd of security firm Malwarebytes Labs, based in San Jose. 'For anything sensitive, people should consider storing this data offline on encrypted external hard drives,' he advised, adding 'the only real way to keep sensitive data secure is not put it online in the first place.'
Some of the nude photos reportedly had been deleted by the stars before they were posted on the Internet on Sunday, adding to the outrage of affected celebrities. Lawrence's publicist called posting the pictures 'a flagrant violation of privacy.' Actress Mary Elizabeth Winstead tweeted, 'To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.'
And actress Kirsten Dunst lashed out at Apple, tweeting, 'Thank you iCloud,' followed by two denigrating icons.
Suspicions that Apple was responsible come at a crucial time for the company. Besides the new products it is expected to unveil on Sept. 9, which include a new iPhone and a wearable device, it has announced that the new iPhone operating system will feature a dashboard where users can monitor their health and fitness. In addition, many industry observers believe Apple will install a near-field communication chip in the iPhone to turn the device into a mobile wallet.
If it makes those changes, Apple must reassure its customers they can trust it with their data, said John Jackson of research firm IDC.
'It is absolutely imperative,' he said. 'They're already in the services business, and they're only going to get deeper into it.'
In its defense, Apple issued a statement saying none of the stolen photos 'has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone.' The company was vague about where the images were obtained, saying only that 'certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. We are continuing to work with law enforcement to help identify the criminals involved.'
FBI spokesman Greg Wuthrich said the agency 'is addressing the matter.'
While the company's statement left unclear whether any of the images were obtained from personal accounts on iCloud, it did say that it advises its users to always use a strong password and to voluntarily provide another personal fact about themselves, a concept known as two-factor authentication.
But security experts questioned whether the company had done enough to protect the photos, particularly given reports that the crooks may have used an automated brute-force hacking method that floods sites with thousands of passwords in hopes of hitting on one that lets them access valuable data.
If that approach was used to filch the photos from iCloud, 'this does beg the question of Apple's incompetence in security operations,' said security expert Philip Lieberman. 'They should have detected large numbers of logon attempts from a specific address in a short period of time,' prompting iCloud to block further attempts to access the site after it detected a few bad passwords, he added.
In addition, some security specialists faulted Apple for not educating its users more about the advisability of two-factor authentication. McAfee chief privacy officer Michelle Dennedy also said consumers need to be more cautious by regularly updating the software on their computers to make sure it has the latest security patches and to 'make sure you think through what you are sharing with the world.'
Nonetheless, experts said the huge amount of information being stored on the Internet will continue to attract hackers. Previous cloud services that have been breached range from LinkedIn and Twitter to web marketer Epsilon and Nasdaq's Directors Desk service, which maintains records for thousands of corporations. And the toll is bound to mount, warned Vijay Basani, CEO of security company EiQ Networks.
'We will see increased number of security breaches,' he said, 'as long as there is a market for stolen data.'
Staff Writer Jeremy Owens contributed to this report
Contact Steve Johnson at sjohnson@mercurynews.com or 408-920-5043. Follow him at http://ift.tt/1fGGKSP
{ 0 comments... Views All / Send Comment! }
Post a Comment