How secure are we in today’s interconnected world

| September 4, 2014

The photos of some 100 celebrities have been stolen from their iCloud accounts. Cyber security expert Tanveer Zia has some precautionary measures which users should consider.

The hacking of more than 100 celebrities’ personal photos from iCloud is appalling. This has further raised concerns over security of cloud based systems.

Explicit and intimate photos of celebrities including Australian actress Tersa Palmer were posted on 4chan, an image based bulletin board, by anonymous hacker(s) who claimed that the photos are taken from celebrities’ iCloud accounts.

Theories have emerged on various tech blogs that the hackers found a possible vulnerability in iCloud’s “Find My iPhone” service which was exploited through a brute force attack, a trial and error method. However, after 40 hours of silence since the incident and intensive investigation, Apple has announced that the breach was a targeted attack on certain celebrity accounts and iCloud service as a whole has not been compromised.

This incident leads to much broader discussion on cyber security and online privacy. How much of our data are safe when posted online? Who can access it or if we need to remove, how we make sure that it is removed permanently? These are the questions which every user would be asking after reading this online security breach.

Although organisations such as Apple apply strong encryption techniques to apparently protect its users’ data, hackers with ill intentions are exploiting the residual vulnerabilities even in the presence of most sophisticated encryption techniques. The overwhelming amount of users’ interaction in the cyber world makes it humanly impossible to create stronger passwords for dozens, if not hundreds of online social networks or services a 21st century’s user has subscribed to. Many innocent users fall victim to social engineering and phishing attacks where they accidently reveal too much personal information which makes it easy for a smart hacker to guess their passwords.

This incident and many other similar incidents augment the need for two factor authentication. Similar to many banks where a transaction is not completed unless the user along with their online banking passwords enters an SMS code sent by the bank.

We need to revisit our online habits, because when we post information online, we lose some control on it. In today’s interconnected world a photograph taken through a smart device may be automatically posted on a social network site if a user has activated this to happen.

For example, with several devices (iPhone, iPad, iPod) enabled to sync with one iCloud account and having the My Photo Stream function activated, every time a user takes a photo with any of these devices, it is stored in iCloud as soon as the user is connected to a Wi-Fi.

In the wake of this incident, following are some precautionary measures which users should consider.

  1. Do not take photos which you don’t want to be publically seen
  2. Do not assume that a photo deleted from a device is permanently deleted, it might be sitting somewhere on its synced service or a cloud service such as iCloud, Dropbox etc
  3. Do not rely on default security settings of a device. In this particular scenario, turn off iCloud photo syncing or automatic backup in other smart devices
  4. Enable two factor authentication wherever available
  5. Change password practices and use stronger and different passwords for different profiles
SHARE WITH:
Tanveer Zia

Dr Tanveer Zia is Associate Head of CSU’s School of Computing and Mathematics in Wagga Wagga and has research interests in biometric security, cyber security, cloud computing security, information assurance, protection against identity theft, trust management, and forensic computing.