Posted on 2 September 2014
You may have seen, heard or overheard the recent news about several celebrities getting their phones hacked and some very personal images being stolen from their devices.
You might wonder, as I have, how Mr. Jonny Hacker managed to get hold of these images. Several sources are suggesting that the celebrities' iCloud accounts have been hacked. Seems reasonable, but what would normally stop access to these, or in fact any cloud-based account or service? Generally your email and a strong password? Possibly some two-factor authentication involving software which provides security tokens? Presuming there are no security loopholes, this would generally be a reasonably secure system.
Mr. Hacker would first have to know the celebrity's email account and then maybe brute force the password on the account, but even if iCloud allowed 10 failed logins before locking out for an hour, every hour, every day for seven years, that would still only let you crack a 4-character lowercase-alphanumeric password.
Now let's think about their devices and what was stolen: iPhones, and photos. What stops access to the photos folder on an iPhone when it's plugged into a PC or Mac? Nothing. And consider another well-documented issue with iPhones and all smartphones: battery power.
Let me set the scene. Off I pop over to the Cannes film festival. I get chatting to the manager of one of the hotels and manage to get myself set up with a booth in the VIP area where celebs can charge their iPhones. Under my desk is a PC which is secretly sucking the photos out of their phones. Celeb goes off to Val Kilmer's party, safe in the knowledge they'll be posting selfies on Twitter all evening. What sounds easier? (Admittedly slightly far-fetched, but I was a keen fan of the BBC's Hustle!)
So have you ever used a friend's PC to charge your phone? Have you ever used a phone charging station at a festival? Plugged into a PC in an airport terminal? Next time you are running low on juice for your smartphone, maybe you should consider whether they can be trusted, or maybe use a USB condom to protect your data.