Long time readers of this blog pretty much know that I am not a big fan of Apple. While I do think they have some good products, I don’t like the way they treat their customers (like infants who need coddling, for the most part) nor do I like the perceived ‘premium’ that is Apple when, in fact, they aren’t any better than, say, HP or Sony. So, when I heard about the data breach, err, alleged data breach of iCould, I was, initially, in the ‘huh, how about that…how are they gonna get past this?’ mode.
Well, it’s really very simple. They aren’t 100% at fault. They do shoulder SOME responsibility, but, for the most part, the ‘breach’ was really nothing more than some phishing, luck and a brute force exploitation of something that Apple fixed as soon as it was known to the public.
First, the problem: a number of celebs, apparently, enjoy photographing themselves and, perhaps, partners in compromising poses in the nude. Now, that’s their business, not mine, but…to do so on an iPHONE!? C’mon. So, these iPhones were backing the photos up to iCloud. My guess is that most of these people did not know this was the case. Some, perhaps, did and then deleted the photos. Problem was that pesky iPhone backup. The photos were there. Whatever the cause, these photos were up on iCloud in a space that was accessible if you knew where and how to get there.
Next, the back door. When you get an iPhone, you have to set it up. One of the things you set up-or not-is the Find My iPhone feature. You use your Apple ID and Password for this. Problem is, and unlike other services or even other parts of Apple, there was no cutoff to the number of guesses for the password. IF you know the ID, you could take forever to guess the password. And, that is, very likely, how access happened. The perpetrator thanked ‘all of those who helped’, so he/she probably had many people hacking away at a few specific targets. Once they got in, they got what appears to be iPhone backup files.
Apple swiftly fixed the problem with the password by limiting the number of guesses allowed.
Now, while this is still a crime and not a laughing matter, I do have to wonder why the mainstream press made this out to be such a huge deal. It isn’t. Yes, I am sorry Jennifer Lawrence’s photos went public, I’d be pissed too, but…the press had other pressing things to report.
That said, there are things you can do to protect your photos and data. And, remember, things like this can happen no matter what phone or device or service you use. These people did take advantage of a weakness in the Apple ecosystem. But, it could have happened purely by social means as well. So, what can you do?
First, enable two factor authentication. Depending on what service you use, this means a password and some other means, like identifying a photo, biometrics, whatever. Check into what your service offers.
Second, disable the auto upload of photos on your device. Apple enables it by default on the iPhone. Android, does not and neither does Windows Phone.
Third, check the privacy settings on the service.
If you must take ‘fun’ photos of an adult nature, don’t use a smartphone. Use a real camera. Protect the media you store them on. NEVER upload them. Once uploaded, there is always that chance they get out to the public. A disgruntled employee, a weakness in the system, poor passwords, you name it, it could happen.
Lastly, NEVER use identifiable email addresses. Create a cryptic email address at Outlook.com, Yahoo! or even GMAIL. Use that for your password recovery or even your account’s email. That way, most people won’t bother to try to break it.
So, there you have it. Apple’s reliance on Microsoft’s Azure cloud platform and Amazon’s AWS gives them rock solid foundations. They have made big strides in the front end as well. The steps they have taken to make the iPhone both safe and easy to use made this entire fiasco very unlikely to be anything other than what it was…a lucky hit by a few with nothing else better to do. Cut Apple some slack here.