About Those Revealing Celebrity Photos
September 3rd, 2014As if there weren’t important stories to cover, the media is making a huge deal of the fact that purported revealing photos of a number of movie stars and other notables somehow found their way online. So such names as Academy Award winning actress Jennifer Lawrence and model Kate Upton were bandied about as victims of this offense. It was even suggested that the racy photos were somehow acquired by hacking their iCloud accounts, and Apple even investigated to see what was going on.
Now before we get into the obvious common sense implications of such incidents, some members of the media are pretending it’s just a problem with the iPhone and iCloud, and that’s not so. According to an AppleInsider report, some of these celebrities have been revealed taking selfies with other handsets, including Android, and that platform has a less-than-stellar reputation for security.
Unfortunately, Apple’s close ties with the entertainment industry have made them a target, but is any of it really Apple’s fault?
Let’s look at the logic of the situation. Famous people are always targets. People want to know more about them and their lives. Personal information, particularly personal foibles, are actively sought by some less-savory members of the media. That random revealing photo someone may have taken early in their career suddenly shows up and becomes fodder for media reports and speculation.
Now it’s true that people often do foolish things, and certainly someone seeking fame and fortune as a performer ought to think twice about what the paparazzi might find. Even photos taken in the privacy of one’s home may be stolen by hackers or others with access to their personal belongings. So this is nothing new.
Despite the slim possibility that any of this had something to do with an iCloud security problem, Apple investigated anyway and reported that it didn’t. From their official statement on the matter: “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”
Understand I am not saying that celebrities are necessarily stupid people. Most of just regular folks who happened to find a way to earn a living from their special talents in a public arena. But I cannot believe someone didn’t sit them down and explain to them how things work when you’re in show business. Don’t they have agents or other personal representatives who might warn them of the consequences of their actions? Well, probably not when it comes to getting arrested for drunk or impaired driving, or engaging in bar fights, or going out on the town with someone other than their significant others.
So I guess it comes with the territory that the racy photos taken in the privacy of their homes would somehow be discovered and posted.
The best advice, other than to display a modicum of common sense of course about what photos they take, would be to do what’s necessary not to make their online accounts easy prey. Choose long, secure passwords, or use two-factor authentication where possible, as it is with Apple. In such a setup, you provide a traditional password and enter a code that iCloud sends to your iPhone. Of course if someone steals your iPhone, and you haven’t engaged Find My iPhone, there’s yet another way for someone to get ahold of your account info and login to compromised accounts.
Of course, someone could take the conspiratorial approach and suggest that some of these celebrities enjoy the attention, even if it involves photos of them in compromising poses. They are exhibitionists, and when they parade themselves in public to get attention, that may be par for the course. Certainly I do not dispute one’s right to photograph oneself or someone else wearing little or nothing, but someone in a sensitive business should have thought better of such behavior — I’ve already gone there.
Considering all the publicity this episode has received, it’s clear that more attention than ever will be drawn to these photos even if they’ve been taken down. And, no, I won’t provide any links. I haven’t even bothered to look since I have other priorities.
So if you want to find them, enjoy. If the celebrity intended for those photos to be there, all well and good. If not, they are still entitled to some measure of privacy, and I’d hope they are learning a lesson to be less cavalier about using tech gear that requires logins.
As you know, simple passwords can be easily hacked. Even online services that promise security don’t always deliver, although Apple does a better job than most. But since Apple has been portrayed as a possible culprit here, please don’t forget that anyone who wants the maximum level of security should check a platform’s history first and see what ones offer a better chance at keeping your data — even your racy photos — safe. In that respect, Android is probably the worst choice, particularly if you have an older handset or tablet that doesn’t have the latest OS.
Or just be careful. And this is harsh, but if you’re careless about protecting your online life, don’t be surprised if there are unsavory consequences.
Print This Post
While this is unfortunate that Apple is getting all the undesirable attention, it was good that Apple stepped up to put forth a statement after conducting an investigation. One major thing that I noticed is that Apple gets more challenges to its security than Google does. The tech media appear to give Android a pass. I don’t mind the challenges as this will keep Apple on its toes regarding the price of security. What I do mind is the tech media jumping to a conclusion without a sound base of facts. I did like reading that “some sites” took down the pictures. At least, these sites did the right thing. I would like to see the “criminals” prosecuted and find out more on the whats and hows on the break in.
Unfortunately, there are people who spend every waking day looking for vulnerabilities, and it appears Apple was complacent about protecting certain vectors in their cloud infrastructure, particularly in Find my Phone, which until recently apparently allowed unlimited login attempts without locking out the user. In addition, even if the user enables two-step authentication, it only protects some of their Apple data, mainly credit cards.
Having said that, it’s not clear that any of these vulnerabilities were exploited to access those revealing photos from iCloud. It might simply have been obsessive research and social engineering. After all, some celebrities are like an open book when it comes to their past history — mother’s maiden name, favorite pet’s name, first car, street they grew up on, favorite teacher, etc.
Hopefully, Apple will become OCD about locking everything down, but this still might not prevent every possible exploit.
Ultimately, the buck stops with you, the individual, when it comes to protecting your data.
I’m surprised that no one’s mentioned the possibility that this is all a propaganda campaign by Samsung. Maybe Samsung hired hackers. The timing, to say the least, is suspect.
I sure wouldn’t put it past ’em.
@Ted Schroeder, It did cross my mind, Ted. It’s true that some of those photos weren’t new. One performer said she had deleted hers years ago, so how’d they turn up now? Perhaps someone was waiting for the right time to make a huge deal of it.
In passing, I wonder how many Google Play accounts were also compromised along the way? But you won’t hear about that.
Peace,
Gene
The “general” cloud services I know of — e.g. iCloud, Dropbox — to various degrees glop together the concepts/functions of syncing, sharing, and backing up files, without making the distinction clear to a typical user. Because of this, the whole cloud enthusiasm seems ripe for user unhappiness when something unexpected happens.
For example, there should be a clearly understandable way to sync files without having them retained on a server where they can be hacked.
In the other direction, a friend recently related how unhappy she was with Dropbox because some shared files got corrupted (and the corrupted files synced), and Dropbox tried to explain to her why it wasn’t their fault and they couldn’t fix it.