Tuesday, September 2, 2014 - 00:54

When celebrities strip without intention

According to various news sites and comments by suspected victims a good share of celebrities had their nude photos and other interesting art published without consent. Apparently hackers brute forced into iCloud accounts to obtain the data.

This isn't the first time and I'm probably not that much of an oracle when I say it's not going to be the last time. The problem behind this is really a chain of problems and the overall situation favors this outcome.

We tend towards sloppy passwords and the most dangerous accounts start off pretty harmless. We need an account with Apple, Google or Microsoft and there's absolutely no meat behind this other than we have to. The meat piles up later when we add services and store actual data. But at that time we already have that account...secured with a password when it was more or less a nuisance without a particularly useful purpose.

Another huge part of the problem is complexity and dependencies. Smartphones are rather easy to use. But mostly they just hide a pretty hefty amount of complexity behind a simple - often oversimplified - interface. So everyone can use a device he or she doesn't fully understand. And the most dangerous part here is synchronization. What exactly goes where, when and why?

You take a photo and that photo may or may not be synced with multiple platforms and you may or may not be reminded of this fact. You might even have known that...at some time.

Most steps in the making of such a problem aren't much of a big issue. It's when they all converge over time. But there are some things that are broken by design with sync-preferences in the lead. There is data where a generic rule like on or off simply makes no sense. It should be there as an option because sometimes it can be that easy. But there should also be an option to require interaction.

Just because I publicly share about any photo I take doesn't mean I even want to sync photos I take of my family or my property. Photos are one of those things where privacy concerns can span a huge spread. Photos can be public, private or sensitive. And the sensitive part is simply never addressed. For most people this isn't a dramatic problem because their accounts are not really that interesting as a specific target. Apple made it a bit easy here but in general obtaining access isn't that easy. 

Celebrities however are a high profile target. Not just for a drive-by weekend fun-attack. But also for extortion and certain elements of the press. If you obtain access to their Apple or Google accounts you get a shitload of information you're not supposed to have. And a good share of that wouldn't be there if it wouldn't be for oversimplified and patronizing settings in connected services.

I'm pretty certain few of the affected victims here had any intention to share their private art with Apple in the first place.

It always is a question of media competence. And services on the net are a particularly difficult issue with that. But that doesn't mean service providers should go commando on their customers by pretending sharing private stuff with them is always ok because it's always handled with utmost care. It's not and it can't be. I can guarantee I'm doing my best - which would be more than Apple did here - to protect their privacy. But I simply cannot rule out a security breach and I cannot completely rule out and internal issue with a mole. Data that isn't intended to be shared with anyone shouldn't be synced with a public platform either.

If it's gone it's gone. Yes. That's unfortunate. But some data is better lost for good than leaked publicly. Doesn't mean I want to lose everything that way. And that's precisely why some data should be handled differently. And what data should be handled in that way should be up to the user and not the service.


According to Apple it was pretty much what was suspected. A targeted attack against few accounts. Not a loophole that allowed access to accounts without authorization. And of course 

Our customers’ privacy and security are of utmost importance to us.

needs to be said...

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. 

Strong passwords? Yes. Two factor authentication? Not really.

Apple states in their FAQ that 2-factor authentication protects

  • Sign in to My Apple ID to manage your account
  • Make an iTunes, App Store, or iBooks Store purchase from a new device 
  • Get Apple ID related support from Apple

I don't think any of these were the problem here. It's an empty phrase that makes you feel better unless you read the FAQ.

My opinion stays. We need to sacrifice some oversimplified decisions for more control over how content is handled by a service. This should be the default with the other two being optional. For Apple's two factor authentication...They could improve significantly. There are situations when it's impractical but Google solved this issue much better with application specific passwords. If any of those get compromised the attacker only gains access to the application in question and not everything else.

Twitter also has an interesting approach that requires confirmation from a trusted device if someone signs in somewhere else. So even if you know the user's credentials  you still require access to that device. It can be annoying at times but it's a pretty solid solution to this problem.