What do Jennifer Lawrence’s stolen nude images have anything to do with Apple? Everything. Lawrence, a budding Hollywood star and leading actress of The Hunger Games, is putting Apple in the spotlight—not directly, but her leaked photos is saying a lot about Apple’s security system and management of its cloud services.
It’s one thing to have hackers hijack an ordinary Apple account, but it’s a completely different story when it’s an A-list celebrity. The whole Lawrence debacle is shining a bright light on Apple’s lack of attention to user security. Although the company implemented a two-step verification system to protect a portion of its cloud services such as the App Store, iTunes and iBooks Store, it does not completely shield users when it comes to photos, contacts, and calendar entries—all of which are backed up to iCloud.
On the surface, it seems like services from Apple are highly secured, but in light of recent events that is completely the opposite. In an era where people from 1 to 90 are constantly taking selfies and photos to keep private or share, it’s quite surprising that Apple hasn’t thought about plugging in the holes. The matter becomes much more traumatizing when compromising photos of oneself get hijacked. Many people have bought into the Apple slogan of keeping it simple and easy to use, but that shouldn’t apply to hackers and thieves.
Lawrence, and a slew of other celeb’s compromising content, photos were hijacked simply by using a third party software, according to Wired magazine and the BBC. ElcomSoft, the company responsible for making and distributing the software, isn’t ‘100%’ sure that its software was the sole culprit in bypassing Apple’s security measures, but even Elcomsoft’s CEO Vladimir Katalov has admitted that the software was possibly the only one capable (at the moment) of doing so.
According to security expert, Mikko Hypponen, Apple only implemented the two-step verification system to protect its users’ credit card information.
“It doesn’t require two-factor authentication when you just want to access the photo roll, or if you want to restore the back-up,” said Hypponen.
Furthermore, he added that he was able to pull and extract backup data from people’s iCloud account—something which not even the user themselves can do.
Apple hasn’t said much about the iCloud mess, but surely something is brewing within the labs to rectify and restore people’s faith in the company’s cloud offerings.
For now, however, it seems like the only thing we—as outsiders—can do is heed the warning of Professor Alan Woodward, a computer security expert at the University of Surrey, as he pointed out that Apple’s two-step verification system is fundamentally flawed in that it’s ‘like double locking the front door and leaving the window open.’