Hollywood nude photos scandal is not Apple's fault

Recently, the private nude photos of American actress Jennifer Lawrence were exposed, and her personal image and acting career are facing a crisis. At the same time, the nude photos of many big-name female stars were also exposed by hackers. After these photos were exposed, analysts pointed out that there may be security vulnerabilities in Apple's iCloud cloud storage service.

It's not Apple's fault that hackers stole account passwords

I disagree with this. First, iCloud uses an advanced symmetric encryption system to encrypt user data. Even if user data is illegally intercepted or obtained due to a service security vulnerability, it is just a bunch of ciphertext that cannot be parsed and understood. Second, the impact of security vulnerabilities is generally not limited to specific objects and specific information. Most importantly, a day has passed and Apple has not yet publicly responded to this highly sensitive news event, which means that it has been treated as an individual case.

The author concludes that if the exposed nude photos really came from the iCloud server, then the hackers are very likely to have mastered the iCloud accounts and passwords of these female stars. iCloud user passwords are encrypted for transmission and storage just like user data. Unless a very simple password is used and can be easily guessed, the possibility of being directly cracked is almost zero. So, how did the hackers know their iCloud account passwords?

Obtaining account passwords: database collision, phishing or Trojan theft

1. Database collision: Some non-critical business websites with poor security have leaked a large amount of user account data due to poor management or security vulnerabilities. The password field is not encrypted, or is only simply encrypted and can be easily cracked offline. Some users use the same username and password on various websites to save trouble. If one account is leaked, all the same accounts are leaked, which may include online banking passwords or sensitive service passwords such as iCloud.

2. Phishing: Hackers use similar domain names and interfaces to impersonate legitimate service websites to create phishing pages. Through DNS hijacking or other means of deceiving users to click, they enter the phishing pages and trick users into entering their usernames and passwords. Many people's QQ accounts are "stolen" in this way, but in fact they are given to "hackers" by themselves. User account information collected by "hackers" through phishing is also one of the data sources for "database collision".

3. Trojans: Users accidentally download and install Trojan software, and their devices are controlled. Hackers can monitor the user's every move, easily collect and upload usernames and passwords, and even directly steal private information such as documents and photos stored in the user's device.

The actresses on the other side of the ocean may all be victims of some of the above hacker attacks. The content reported so far cannot prove that there are security issues with Apple phones or its iCloud cloud storage service.

How to protect personal privacy?

There is nothing wrong with loving beauty, but private life must also be respected and protected. If you don't want hackers to easily steal your account passwords and private information, you need to keep the following points in mind:

1. Different passwords must be set for websites of different sensitivity. Ensure that the passwords are complex enough and change them regularly.

2. Before logging into a highly sensitive website (involving privacy and property, etc.), you must verify its domain name and security certificate, and avoid using free WiFi to access the Internet.

3. Curiosity kills the cat. Please be more careful when you see new and exciting content and avoid Trojan traps.

4. Before deleting sensitive information backed up to the cloud (such as "sexy photos", etc.), please confirm that synchronization is turned on. Otherwise, the information may be deleted locally but still in the cloud, or the corresponding information in the cloud may be manually deleted after being deleted locally.

5. Clear sensitive information before replacing or discarding equipment.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.