This celebrity privacy violation isn’t just an embarrassing story for a few celebrities. This is headline news, and now the FBI is investigating who was involved. While there are a million accusations out there, including several that point a finger squarely at Apple’s iCloud, it isn’t clear where hackers got the information. Charles Arthur at the Guardian thinks that this particular leak has all the hallmarks of an email-based attack.
Whatever happened, the results are devastating for those affected. Images shared privately are now public, and everyone who uses a smartphone is now wondering whether their data is safe on services like iCloud, Dropbox, and Box.
While it hasn’t been established that all of this information came from iCloud, it is clear that Apple’s “Find my iPhone” service had obvious security flaws that allowed hackers to repeatedly guess user passwords without being locked out. This meant someone could take an email and then just guess thousands of passwords until they got it right. Once they gained access, iCloud data was free for the taking. Since the most popular passwords are “password” and “123456” I’m guessing these hackers didn’t have much work to do.
Never before has a hack made a stronger case that everything should be encrypted client-side. Everything. Virtru wouldn’t have prevented all aspects of this story, but if it involved email messages and email hacks, Virtru would have been a strong firewall against compromised images. If you haven’t started using Virtru to encrypt your emails and attachments you should start today.
What does this have to do with your business?
Forget scandalous pictures. Are you sure you aren’t leaking your latest business plan or budget?
- How many people use an iPhone or an iOS device to conduct sensitive business transactions or share attachments for business?
- When you take a picture of a whiteboard during a sensitive meeting about a secret project, do you know if your images are being automatically uploaded to Dropbox or iCloud?
- When you receive an email with an attachment from a colleague at work do you know what happens to that attachment? Does it end up on Dropbox or iCloud if you open it on your phone?
- How about backups? Do you back up the contents of your iPhone to iCloud? If so, do you know whether that backup contains all of your data, including images?
If you are like me, you don’t use iCloud very often. It is a feature that is turned on – you might pay for backup storage space for your Apple device, but you don’t think about it much. That’s the promise of Apple’s technologies: you generally don’t think about it until you need it. I’m very aware of my privacy and the settings for everything I use, but I couldn’t tell you right now if my phone is set to automatically upload pictures to iCloud. I’m unsure because I’m constantly surprised by products and services that helpfully decide to turn on a new feature for me and sync my data.
The point here is that none of us has a quick answer to the question “Is your data safe?” Our mobile devices are leaky faucets for emails, images, and attachments, and everything we do ends up generating a trail of data that hackers can just vacuum up and analyze later.
Virtru is the control you need
After a scandal like this you wonder why our phones and our devices don’t all encrypt everything by default – or at least give us the option to encrypt. When I take a picture or save an attachment for business, my phone should give me the option to encrypt information at rest and in transit. If I take a picture I’d rather not share with the world, I’d like the ability to tell my phone to encrypt it. I would also like to control who can see it and where they can forward it to.
In terms of security, the industry has a long way to go toward creating systems that can protect our sensitive information. Right now there’s too much incentive to vacuum up data for advertising and consumer targeting. There’s also a general ignorance of the risk, but on days like this, that risk becomes known.
If you are using a mobile device to send and receive email, today’s a good day to decide to start sending secure. It’s your information, and you should get to decide who sees it.