By now you’ve probably heard about Jennifer Lawrence’s terrible weekend. And Kate Upton’s, and Mary Elizabeth Winstead’s, and many other celebrities’, too.
Thanks to what security researchers believe may be a flaw in the way Apple secures its cloud storage, dozens of A- and B-list celebs have had their naked photos buttered across the Interwebs.
Prevailing theory holds that a flaw in Apple’s Find My iPhone feature, which allows attackers an unlimited number of log-in attempts, may be behind the flood of fleshy selfies. Apple has issued a statement acknowledging the hack attacks but denied that they were caused by flaws in Find My iPhone or iCloud.
Regardless of the cause, this situation might have been avoided if the celebs had followed a few simple rules. Here’s how to keep random jerks from accessing your accounts and sharing your personal stuff across the Web.
Rule No. 1. It’s pretty simple: Don’t snap naughty pix with an Internet-connected device like a smartphone. If you wish to document your godlike nakedness for some unspecified future purpose — say, to show your grandkids — use a digital camera that doesn’t hook up to the Internet. Or better yet, a Polaroid one.
Rule No. 2. If you must snap naughty pix on your phone, delete them immediately after the deed is done. The longer these images stay on your phone, the more likely they will find a way off, says Stu Sjouwerman, CEO of KnowBe4, which offers security awareness training to large corporations.
“Just find the Delete key and get rid of that stuff,” he says. “I mean, Hello? It’s not that hard. If there’s compromising stuff on your phone, you need to delete it before it gets onto the Net.”
Rule No. 3. Password-protect your phone. That way, if your handset is lost or stolen (and you’ve neglected to delete those shady snaps), no one will be able to view them, let alone butter them across the Internet.
In Android 4.4, launch the Settings app and tap Security. Select Screen lock and choose which method you want to use (password, PIN, swipe pattern, facial recognition, or whatever). In Apple iOS, go to Settings and tap Touch ID & Passcode (iPhone 5s) or Passcode (all other models), and choose Turn Passcode On. You can then choose whether to use simple or complex passcodes and when to apply them.
Rule No. 4. Don’t store these images in the cloud. Apple and Android handsets are set up to back your data up to the cloud and/or your desktop automatically, so you’ll need to go in and manually change those settings to exclude illicit snaps and any other sensitive data.
For instructions on using iCloud, see “How to Switch Off iCloud So Hackers Can’t Find Your Private Photos.” Google offers advice on how to turn auto-backup off for a variety of platforms here.
Rule No. 5. This is the best, most boring advice you’ll ever hear: Choose a unique and difficult-to-guess password for your log-ins, especially for accounts containing sensitive data. The longer the password, the less vulnerable it will be to brute-force attacks, which try thousands of popular passwords until they find one that works.
“Use a passphrase of six or seven words, something that’s easy for you to remember and hard for attackers to crack,” Sjouwerman advises. “After a while the hackers will give up and go after easier targets.”
Using an obscure email address that doesn’t reveal your identity can also help keep hackers from guessing your log-in name. Then use a cloud-based password manager like LastPass or MaskMe to remember it for you. In other words, protect your online credentials like they’re dirty pictures you don’t want your grandmother to see.
Rule No. 6. If your service offers two-factor authentication, use it. This typically means that when someone tries to log in from an unrecognized device, the service sends a temporary PIN code to your phone, which must be entered onscreen before the log-in can go through. As long as your mobile is in your hands, you can be fairly confident that only you can access your account, says Robert Siciliano, online security expert for McAfee.
Apple, Google, Facebook, Dropbox, and dozens of other services offer two-factor authentication, but it’s not always turned on by default. Instructions for your Google accounts can be found here; Apple’s two-step process is outlined here.
Rule No. 7. You say your favorite service doesn’t offer two-factor authentication? Then don’t store sensitive data there, or find yourself another favorite. “If my bank didn’t use two-factor authentication, I’d probably store my money in my mattress,” Siciliano says.
Rule No. 8. If you want to exchange naughty pix with your cuddlebunny, use a secure service like Wickr, CyberDust, or Snapchat that doesn’t store the images to your phone’s photo gallery and deletes them after a specified period of time. Then make sure it really does delete them.
Rule No. 9. Don’t get phished. The vast majority of data-stealing hacks still happen because somebody got fooled into handing a log-in to a total stranger.
The standard advice prevails, Sjouwerman says. “Take two seconds to look at every email that comes into your inbox and ask yourself, ‘Could this be a scam?’ ” he says. “If you get an email attachment you didn’t ask for, don’t open it. If you get a password reset you didn’t request, don’t do it. Think before you click.”
Also: Scam emails purporting to be from Apple regarding this attack have already begun appearing, according to published reports. You can bet “Click here to see nude pix of J-Law” scams are sure to follow. Fall for any of these and you leave yourself open to data theft, malware infections, and other things far worse than a few naked pictures of your butt.
Questions, complaints, kudos? Email Dan Tynan at ModFamily1@yahoo.com.