The entertainment world is in meltdown after celebs including Jennifer Lawrence, Mary Elizabeth Winstead and Kirsten Dunst reportedly had nude pictures stolen via iCloud and posted online.
And to make matters worse Mary Elizabeth Winstead claims that the photos shouldn't have even existed - having already been deleted from her phone.
Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked.
— Mary E. Winstead (@M_E_Winstead) August 31, 2014
So how did the hacker gain access - and should you be worried?
Fact is, details about how this happened are currently thin on the ground. The common thread in the leak appears -- and has been reportedly widely - as Apple's iCloud storage, but there's no proof yet that he/she used iCloud to gain access. It's possible, for instance, that all these celebs also happen to visit the same dentist, and had their photos accessed by a sticky-fingered hygienist. We just don't know.
The other fact here is that iCloud is pretty secure. So don't panic.
iCloud itself uses 128-bit encryption both upon delivery and during delivery of files making it very difficult to intercept anything that's in transit to Apple's servers. The same applies to anything that's actually on Apple's servers.
So could the hacker(s) have got the information from an iPhone or iPad?
It's doubtful. Any photos based within Photo Stream and in iCloud's shared albums are encrypted, and therefore safe.
Secondly if you have a passcode or Touch ID in place and connect your device to a computer you're still pretty safe.
A feature recently introduced by Apple means that any locked iPhone or iPad connected to a PC or Mac will have its entire contents encrypted. So even if someone managed to copy everything off of your phone they'd need the passcode to get access to it.
Where things get worrisome is when you don't have any physical security in place, especially when using computers you haven't used before.
- Any photo that is downloaded from iCloud and saved to Camera Roll loses its encryption, leaving the image entirely reliant on your passcode or Touch ID for protection.
- If you don't have a passcode or Touch ID then the moment you plug into that computer your Camera Roll photos are potentially vulnerable.
- Apple does put systems in place such as the 'Do you trust this computer?' prompt that appears every time you plug into a new PC or Mac, of course even if it's a computer your trust, the computer could still be infected with a virus.
As you can see iCloud -- when used correctly -- can be incredibly secure. It's when gaps start forming that your information can become vulnerable and could ultimately have led to the hacker in this instance gaining access to the photos.
How can you protect yourself?
Well on your iPhone Touch ID or something as simple as a numbered passcode lock will physically protect the phone and have the added advantage of encrypting the phone's entire contents whenever it's connected to a computer.
Apple also includes a highly comprehensive security system for Macs called FileVault 2. Using XTS-AES 128 encryption it'll secure your entire hard-drive with a recovery key which either you can keep hold of or Apple will store for you.
FileVault 2 is particularly useful because it doesn't just encrypt your Mac, it'll also encrypt any removable hard-drive for you as well so even if you're moving files physically it'll still have the same level of protection.