
Celebrity Hacks & Encryption Policy

Written by Reflare Research Team | Mar 23, 2016 12:33:00 PM

There is an increase in hacking into celebrity accounts to steal photos, financial data and medical records. But you would think high-profile public individuals would have more secure data protection measures in place, right?

First Published 23rd March 2016

For some reason, celebrities aren't spending their days thinking about Rivest-Shamir-Adleman encryption.


Celebrity Hacks

The hacker responsible for leaking nude photos of celebrities in what was termed "Celebgate" pled guilty to charges that he leaked private photos from celebrity Apple and Google accounts. Just days after the plea, social engineering hackers were able to access Adele's personal photos including sonogram images.

In this recent hack, the attackers reset Adele's password using security question answers they found online. Security questions have long been a standard way to protect a user's account: users answer one or two security questions to retrieve or reset their passwords. With celebrity information freely available on the Internet, hackers can gain access to celebrities' accounts by researching the answers to their security questions. In the Adele case, the hackers were then able to reset her password and steal photos from her personal accounts.

Security questions have long been known to be a poor way to protect accounts. Security experts have proposed several alternatives, but a standard has yet to be defined. We recommend that any individual with a large public footprint treat security questions like passwords and enter random characters that only the actual owner of the account is likely to know.
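The recommendation above can be put into practice as follows. This is an added example, not code from the original article. It assumes that a site may lowercase answers and strip punctuation before comparing them, so it draws only from characters that survive that step; the function names and sample questions are constructed for illustration.

```python
import math
import secrets
import string

# Assumption: many sites lowercase answers and drop punctuation/whitespace
# before comparing, so only characters that survive that step are used.
ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols


def length_for_bits(target_bits: int, alphabet: str = ALPHABET) -> int:
    """Smallest answer length whose entropy meets target_bits."""
    return math.ceil(target_bits / math.log2(len(alphabet)))


def random_answer(target_bits: int = 80, alphabet: str = ALPHABET) -> str:
    """Draw an answer from the OS CSPRNG; it has no relation to the question."""
    n = length_for_bits(target_bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(n))


def answers_for(questions, target_bits: int = 80) -> dict:
    """One independent random answer per question, for a password manager."""
    return {q: random_answer(target_bits) for q in questions}


def normalize(answer: str) -> str:
    """Hypothetical site-side normalization, used to check the answer survives."""
    return "".join(c for c in answer.lower() if c.isalnum())


if __name__ == "__main__":
    # Constructed sample questions
    questions = [
        "What was the name of your first pet?",
        "In what city were you born?",
    ]
    for q, a in answers_for(questions).items():
        bits = len(a) * math.log2(len(ALPHABET))
        print(f"{q}\n  -> {a}  ({bits:.0f} bits)")
```

Because the answers cannot be recalled or researched, they have to be stored alongside the account's password, for example in the notes field of a password manager entry.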

The FBI Unlocks San Bernardino Shooter's iPhone Without Apple's Help

Two weeks ago, we reported that several videos showed methods to bypass the iPhone's locking system. This came after several months of litigation between Apple and the FBI over encryption on one of the San Bernardino shooter's iPhones. If you recall, the San Bernardino shooter's iPhone was locked and the FBI filed suit requiring Apple to provide them with a backdoor to unlock the phone.

After several weeks of back-and-forth, several YouTube videos showed that various iPhone versions could be unlocked without an unlock code. This week, the FBI announced that it no longer needs Apple's help in unlocking the San Bernardino shooter's phone. It's likely that a third party has sold an access procedure that can be used in this particular case.

The discovery is a win for Apple and the FBI. Apple can use its refusal to unlock the phone to market to users, and the FBI can use third-party tools found on grey or black hat markets. This will open doors for hackers to bypass locking mechanisms and sell the methods to law enforcement without compromising the underlying encryption.