Apple Investigating Celebrity Phone Hack
- Jonathan Moore
- Sep 01, 2014 04:46 PM EDT
Apple has announced that it is "actively investigating" the apparent illegal access to several high-profile iCloud accounts by an unknown hacker. The incident allowed the hacker to obtain photos and videos of dozens of celebrities, many of them showing the stars nude or in compromising positions, and then post them on the Internet for all to see.
Apple's spokesperson Natalie Kerris announced Apple's response to the incident today: "We take user privacy very seriously and are actively investigating this report." The photos were reportedly stolen from the stars' iCloud accounts and were then initially uploaded to the site 4chan. They have since shown up on social media sites and apps and on sites like Reddit.
While it is too early to know exactly how the hacker gained access to these accounts, some are stating that simply enabling a two-step verification security feature could have prevented unlawful access. Two-step verification usually requires the main account holder to verify any time a login to their account occurs. This is usually accomplished by sending a text to the user's phone whenever someone logs in to their account.
Apple has yet to make any comment on the matter other than that they are looking into exactly how this happened. A tech security firm, Mandiant, has apparently examined the attack and concluded that it was "a fairly straightforward attack." According to them, two-step verification could have prevented this incident, and they say that while iOS devices support the measure, Apple has done little to promote its use among its users.
"In general Apple has been a little late to the game in offering this kind of protection, and doesn't advertise it," said Darien Kindlund, director of Mandiant's threat research division. "You have to dig through the support articles to find it."
Another factor that could have allowed this hacker to gain access to celebrity accounts is the fact that Apple allows unlimited attempts at password guesses when logging in to its online portals. By contrast, even Windows will lock up after a limited number of failed user login attempts. Apparently this issue has now been fixed by Apple, but it raises the question of why they never addressed it before. It's a basic defense against brute-force attacks.
Kindlund also commented on this blunder by Apple saying, "The attackers never should have been allowed to make an unlimited number of guesses."