Jennifer Lawrence was one of the celebrities who had images leaked
Experts have raised concerns over the security of "cloud" storage sites following the leak of intimate pictures of celebrities.
It is understood some of the images were obtained from services such as Apple iCloud that back up content from devices on to the internet.
Apple is understood to be looking into the issue.
One expert said that private data "becomes much more difficult to control" when using cloud services.
"It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it," said Ken Westin, security analyst at Tripwire.
"Although many cloud providers may encrypt the data communications between the device and the cloud, it does not mean that the image and data is encrypted when the data is at rest.
"If you can view the image in the cloud service, so can a hacker."
Apple has not commented on speculation regarding iCloud's security, nor the celebrity leak.
'Years ago'
Around 20 celebrities, including actress Jennifer Lawrence, had images of themselves leaked on image posting website 4Chan.
The user posting them - who defined him or herself as a "collector" rather than "hacker" - said more images of different celebrities would soon be posted.
While some of the celebrities said the images were fake, others have confirmed their authenticity.
Actress Mary Elizabeth Winstead posted on Twitter: "To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.
"Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this."
Winstead's comments would suggest iCloud was not at play, as pictures on Apple's service are only viewable online for 30 days.
Mary Elizabeth Winstead said the images of her were oldPatch
Other experts pointed to a recent security issue involving iCloud and the Find My iPhone app.
A vulnerability posted online, but now understood to have been fixed, exploited a flaw that meant a hacker could carry out what is known as a "brute force" attack.
These attacks take a username - the celebrity's, in this case - and repeatedly try to log in using hundreds of the most popular passwords used online.
"Almost every service used online requires a password, and to ensure your passwords are secure, they must be complex," said Raj Samani from Intel Security.
"Each login should be unique, and be at least between six to eight characters in length using lowercase and uppercase letters as well as numbers and symbols.
"If you use one password across multiple sites, you are putting your personal data at risk - if hackers discover your password, they have easy access to your digital life."
But more often than not, it is human weaknesses that give hackers the simplest route to compromising accounts.
"Phishing" people - meaning to trick them into giving up their password - is considered perhaps the simplest and most targeted way hackers gain access to accounts.
-----------------------------------------
Raj SamaniIntel Security"If you use one password across multiple sites, you are putting your personal data at risk ”
Posts
0 comments:
Post a Comment