When nude photos of popular actress Jennifer Lawrence and other celebrities were leaked on 4chan by hackers, many asked how it was even possible. Security experts are of the view that it was done via a breach in the Find My iPhone app.
It is quite possible that the hackers discovered a security hole in the Find My iPhone service. The app’s main purpose is to help people locate their missing phones via the cloud. Hackers often use “brute force” programs that make repeated guesses of possible random passwords until a correct hit is made. So it is possible that the hackers used iBrute to get the celebrities’ passwords and, from there, the photos in their iCloud accounts.
This opinion is just a theory, as most hacking cases take place in a much more straightforward manner, such as:
- The victim receives a phishing email and responds to it with their password.
- Someone’s computer is hacked and spyware is installed.
- A laptop that stores personal data is stolen.
- Hackers find your lost mobile phone.
Apple has launched a probe into the leaks and is now rolling out a security upgrade to prevent brute-force programs from grabbing passwords via the Find My iPhone app. As a normal user, you are also at risk if brute force was used in the leaks. Brute force can be used if hackers know your username.
Now, if you want 100% protection, it is simple: Stay off the internet. Which is almost like saying don’t eat breakfast in the morning. So let’s look at some other ways to stay safe:
Bulletproof your passwords
- Passwords for every website or account must be different.
- Passwords must have a minimum of eight characters and a mixture of upper and lower case letters, numbers and symbols that is not found in the dictionary.
- Use a password manager app if you have many accounts. But you must have a strong master password.
- Ensure that the password software you are using can be used on all devices.
- Consider using a second layer of protection like a YubiKey. Plug your flash drive in and touch the button, which will generate a one-time password for that day. Or simply enter a static password that is stored on the second slot.
- Keep a printout of the YubiKey password as an added security measure in case the YubiKey gets lost or is stolen.
- Keep passwords in an encrypted Excel, Word or PDF file. Give this file a name that will not attract a hacker.
- Use the “key” method. You can start with a key of 5 to 6 characters (a capital letter, number and symbols). For example, “apple” can be written as @pp1E.
- The next thing to do is add the year (2014) minus 5 at the end: @pp1E9.
- Change the password annually. To make this process even more secure, you should change the password more frequently, even every month. To make this less daunting, you may use a key again, like the first two letters of every new month. So for March, it would be something like @pp1E9MA.
- Passwords can become vulnerable when you are accessing the internet via Wi-Fi. Unsecured, unprotected and unencrypted connections can enable thieves to steal your personal info, including usernames and passwords.
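The first two rules in this list (a different password for every account; at least eight characters with mixed character types and no dictionary word) can be checked mechanically. The following Python code is an added example, not part of the original article: it audits a set of account passwords against those rules and reports which accounts break them. The account names, sample passwords and five-word dictionary are constructed for illustration; a real check would load a full word list.

```python
import string

# Constructed sample data (assumptions): a tiny word list and four accounts.
DICTIONARY = {"apple", "password", "iphone", "welcome", "dragon"}
SAMPLE = {
    "mail": "@pp1E9MA",
    "cloud": "@pp1E9MA",
    "bank": "Password1!",
    "forum": "tr0ub4dor",
}

def rule_failures(password, dictionary=DICTIONARY):
    """Return the rules from the list above that this password breaks."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than eight characters")
    if not any(c.islower() for c in password):
        failures.append("no lower case letter")
    if not any(c.isupper() for c in password):
        failures.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no numeric character")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    # Dictionary rule: strip digits and symbols, ignore case, so that
    # "Password1!" is still recognised as the word "password".
    letters = "".join(c for c in password if c.isalpha()).lower()
    if letters in dictionary:
        failures.append("built on a dictionary word")
    return failures

def audit(accounts, dictionary=DICTIONARY):
    """Map each account that breaks a rule to the list of its problems."""
    users = {}  # password -> accounts using it, to detect reuse
    for name, pw in accounts.items():
        users.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        problems = rule_failures(pw, dictionary)
        shared = sorted(n for n in users[pw] if n != name)
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        if problems:
            report[name] = problems
    return report

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account + ": " + "; ".join(problems))
```

Run it against an export from your password manager on a machine you trust, and delete the export afterwards.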
Use a two-step verification process
Passwords appear to be the common thread in data breaches. However, passwords are far less valuable to hackers if users have adopted a two-factor authentication process.
Go to appleid.apple.com and you’ll notice a blue button reading “Manage Your Apple ID” on the right side. Click that, then log in with your Apple ID. To the left is a link, “Passwords and Security.” Click that. Two security questions will appear, and you must answer them so that a new section, “Manage Your Security Settings,” opens up.
Now, click the “Get Started” link. After that you will be asked to enter your mobile phone number, and once you do that you will receive a code via SMS.
If you have your mobile device with you, setting up a recovery key is a breeze and you will end up having a unique password in a few minutes.