If you’re one of the 20 percent of Americans with an Apple iPhone, you may find yourself nervous after hearing about security breaches of celebrity phones via alleged hacking of iCloud’s Photo Stream system.
Many people assume their clouds are safe, or else are unaware that photos and other content are synced to a cloud at all.
First, let’s make one thing clear: the fault of such privacy invasion rests squarely on the shoulders of the hacker(s) in question, and in a perfect world, users wouldn’t have to worry about safety precautions beyond those built into the platform.
Even so, it’s a good idea to make sure your cloud is as safe as possible, or at least be aware of the ways it can be infiltrated.
Cloud Safety 101
Generally speaking, both iCloud and Google’s cloud are at the forefront of cutting edge security. Both companies take extensive measures to protect data stored there.
Apple’s security measures include:
- Data encryption on server and in transit
- Photos which have a minimum level of 128-bit encryption
- passwords that aren’t stored within Apple apps
- For outside apps, passwords that are sent over SSL encryption
- Splitting up files and storing them on different machines
- Data that is obfuscated (meaning it’s indecipherable to anything but the server)
- 450 full time security engineers on watch
- ISO 27001 safety certificate and other audits that cover everything from G+ to Hangouts
The FBI is investigating Apple, though evidence points to some known weaknesses within their security system.
Unfortunately, even if the cloud has no holes, passwords can be a vulnerable point of entrance.
Password Safety 101[contextly_auto_sidebar id=”M7TpS4j921vffV7jsM8WerkVnSR9MZlo”]For a password to be fool-proof, it must be both unique and strong. This means not only that longer passwords incorporating letters, numbers, and case sensitivity are preferable, but that utilizing different passwords over different websites is a wise idea.
Why? Because if one website is vulnerable to hacking, and you use a universal password for access, hackers can theoretically infiltrate more secure systems with the lifted authentication.
Apple, Google, Facebook, Twitter and more all offer an important measure called two-factor authentications, which is the recommended way to prevent security breaches. A two-factor authentication requires a regular password (something you know) as well as a physical object (something you have) for entrance.
The second factor is usually a text code sent to your phone or computer, which you need only enter once for each device: Anyone attempting access from another device will be denied entry.
Password experts also recommend not linking accounts, and using password management websites to keep authentication codes safe, accessible, and uncrackable.
Alternatively, you might just want to turn your cloud off.
As we’ve noted before, sometimes it takes time for security measures to catch up with the innovative tactics used by cyber hackers.
Apple allegedly discovered–and subsequently plugged–a hole in its cloud-based service, Find My iPhone, but only after it was exploited, perhaps among other multiple other methods, to steal the private photographs of over 100 female celebrities. (To disable this feature, select Settings > iCloud > and switch off Find my [device].)
Users of the forum 4chan are speculated to have used a brute-force program called iBrute to flood Apple ID logins with potential passwords, but whether it was accomplished by their crude ingenuity and persistence (the hack may have taken months or years), or Apple’s failure has yet to be determined.