Biometrics could prevent ‘celeb porn’ hacking incidents

September 2, 2014

Biometrics could be the ideal tool to protect private consumer data in the cloud.

In the wake of an iCloud security flaw that allowed the theft last weekend of nude photos of Jennifer Lawrence, Kate Upton, Kirsten Dunst and several other actresses and musicians, Apple should consider integrating biometric authentication into its next iteration of iCloud security.

Authentication is the process of validating users, ensuring that they are who they say they are. Solutions range from traditional alphanumeric username and password regimens to the use of complex devices such as smart cards, tokens and biometric scanners. By ultimately combining Apple’s Touch ID fingerprint reader technology with a passcode for iCloud access, users should be able to enhance secure access to their personal, cloud-based digital storage.

An expert at Trend Micro, a noted computer security firm, believes that the celebrity photos were stolen either through a brute-force password attack, a password recovery vulnerability, a stolen password that was used across multiple services or by way of a compromised webmail account. Trend Micro suggests the use of two-factor authentication as a stronger approach to harden access to cloud-based accounts.

While two-factor authentication exists for certain iCloud functions, this approach could be made even more secure by making biometrics one of the authentication factors. If iCloud access were secured not only by passcode but also by thumbprint on an Apple iPhone, the chances of the celeb images being stolen would have decreased exponentially, especially if the authentication requirements were embedded right into the actual photos.

Increasingly, many users of smartphones never access their photos from a computer. If Apple decided to encode images so that they could only be opened with two-factor authentication on a smartphone that included fingerprint recognition, then it would be much harder to hack and obtain access to such personal material. Apple also must address security issues surrounding the recovery of deleted photos from its cloud storage and devices. Actress Mary Elizabeth Winstead claims that photos of her taken by her husband, which were long deleted, had been illegally retrieved and stolen.

According to a CBS News report filed on Monday, Apple has responded to the breach by patching a security gap that could have allowed hackers to access iCloud accounts. A vulnerability in Apple’s “Find My iPhone” feature was exposed on the code-sharing site GitHub a day before the collection of nude photos depicting celebrities was leaked by a hacker. The “Find My iPhone” service was not equipped with a mechanism for preventing “brute force attacks,” where hackers utilize tools to test thousands of passwords against a user account until they find the correct one, according to an Engadget report.
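The missing control described above can be sketched as a failed-attempt limiter keyed on the account and shared by every endpoint that checks the password, so that a secondary service cannot be used to bypass the limit on the main login. This is an added example, not Apple's code; the endpoint names, the account, the password and the thresholds are all hypothetical.

```python
import hashlib
import hmac

class AccountThrottle:
    """Per-account failed-attempt limiter shared by all password-checking endpoints."""
    def __init__(self, max_failures=5, base_lockout=60, max_lockout=3600):
        self.max_failures = max_failures   # free attempts before lockout starts
        self.base_lockout = base_lockout   # first lockout, in seconds
        self.max_lockout = max_lockout     # cap on any single lockout
        self._state = {}                   # account -> (failures, locked_until)

    def retry_after(self, account, now):
        """Seconds the caller must still wait (0 means an attempt is allowed)."""
        return max(0.0, self._state.get(account, (0, 0.0))[1] - now)

    def record(self, account, success, now):
        if success:
            self._state.pop(account, None)
            return
        failures = self._state.get(account, (0, 0.0))[0] + 1
        locked_until = 0.0
        if failures >= self.max_failures:
            # Lockout doubles with each failure past the threshold, up to the cap.
            extra = failures - self.max_failures
            locked_until = now + min(self.base_lockout * 2 ** extra, self.max_lockout)
        self._state[account] = (failures, locked_until)

def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample account for the demonstration.
USERS = {"alice@example.com": _hash("correct horse battery staple")}

def authenticate(throttle, endpoint, account, password, now):
    """Entry point for every endpoint; `endpoint` is for logging only and is
    deliberately not part of the throttle key."""
    if throttle.retry_after(account, now) > 0:
        return "throttled"                 # rejected without checking the password
    candidate = _hash(password)            # always hashed, known account or not
    stored = USERS.get(account)
    ok = stored is not None and hmac.compare_digest(stored, candidate)
    throttle.record(account, ok, now)
    return "ok" if ok else "denied"

def simulate_guessing(guesses=1000):
    """One wrong guess per second, alternating between two hypothetical endpoints.
    Returns (guesses actually checked, guesses rejected by the throttle)."""
    throttle = AccountThrottle()
    endpoints = ("web_login", "device_locator")
    results = [authenticate(throttle, endpoints[i % 2], "alice@example.com",
                            f"guess{i}", now=float(i)) for i in range(guesses)]
    return results.count("denied"), results.count("throttled")
```

While an account is locked, the correct password is rejected as well, so the thresholds trade guessing resistance against the owner's ability to sign in.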

The images first surfaced over the weekend on the infamous 4chan image bulletin board, where a hacker posted the photos and claimed to have many more pics of celebs, along with videos. The hacker threatened to sell the rest of the content to the highest bidder. The images made their way to Twitter, Reddit, Tumblr and even to Perez Hilton’s blog (ultimately the gossip columnist removed the photographs and apologized to the stars).

In light of the breach, some celebrities contacted the FBI about the hacking. “The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter,” FBI spokeswoman Laura Eimiller told CNN on Monday. “Any further comment would be inappropriate at this time.”

Apple also said it is actively investigating the situation. In addition to the Apple and law enforcement investigations, lawyers for the stars, including for Lawrence and Upton, have issued strongly worded warnings that they intend to pursue anyone disseminating or duplicating illegally obtained images to the fullest extent possible. Other celebrities, such as actress Victoria Justice and singer Ariana Grande, have denied that pictures circulating of them are real.

In the past, the FBI has successfully investigated a hacker who stole personal information from the e-mail accounts of Christina Aguilera, Scarlett Johansson and Mila Kunis in 2011. We can expect a prosecution to occur in this new high-profile instance, as there have been long-time rumors of a small “celeb porn” image-sharing ring, composed of elite hackers, active on the 4chan site for some time.

Administrators associated with 4chan have claimed to have nude images of Hilary Duff, Selena Gomez, Kim Kardashian, Lea Michele, Hayden Panettiere, Rihanna, Kaley Cuoco Sweeting and Jenny McCarthy.


About Rawlson King

Rawlson O’Neil King is a contributing editor at BiometricUpdate.com and is an experienced communications professional, management consultant, trade journalist and author who recently published a book about control and electronic networks and who has written numerous articles in trade publications and academic journals about smart home and building technologies. Follow him @rawlsonking2.