Apple has confirmed that some celebrities' iCloud accounts were broken into, but says it has found no evidence that this was caused by a breach of its security systems. Instead, the firm suggests perpetrators carried out their thefts by figuring out victims' log-in credentials.
The statement follows the online publication of intimate pictures of about 20 personalities. Actress Jennifer Lawrence and model, Kate Upton, have confirmed their leaked photos were real.
There had been speculation that the images were obtained due to a vulnerability in software that allows users to locate missing iPhones, since it had allowed unlimited password guesses.
But Apple has indicated that this was not the case. "Our customers' privacy and security are of utmost importance to us," said the firm in a statement, adding;
"We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilised Apple's engineers to discover the source.
"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the internet.
"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved."
The FBI said earlier that it was looking into the case.
Experts had highlighted that celebrities could be vulnerable to attacks if their passwords or security question answers could be guessed from articles written about them.
But one academic, Dr Steven Murdoch, an information security researcher at University College London, suggested that it would take more than obscure log-ins to shield internet accounts from the risk of theft.
"This isn't the first time photos have been taken off cloud storage and it won't be the last."
"And it's not fair to blame the victims of crime who may have simply been following the instructions websites are giving to protect their accounts.
"Authentication is not cheap to do right at large scale.
"If you contrast what Apple and Dropbox and Google are doing with what banks are doing, then you can see the banks are taking significantly more steps to protect their customers. They are sending hardware and letters to customers, and sometimes requesting they come into branches, which gives better security but at a cost."
Dr Murdoch said that users wishing to do more to protect themselves could activate two-factor authentication - which can involve the user having to type in a short code sent via text message to their phone number as an extra security step before they are given access to their uploads.
'Creepy effort'
Images of the celebrities were leaked on image posting website 4Chan.
The user posting them - who defined him or herself as a "collector" rather than "hacker" - said more images of different celebrities would soon be posted.
Copies of the images spread to other services, including Reddit, Imgur and Twitter, from which they were subsequently deleted by administrators.
While some of the celebrities said the images were fake, others have confirmed their authenticity.
Read More BBC
No comments:
Post a Comment
Click Post a Comment to share your thoughts, I'll love to hear from you. Thanks!
*Comments on old posts are moderated and may take sometime to be shown. That's just because I want to see them and respond to you if necessary.