Nude photo leak a chance for channel to talk cloud security

The leak of some nude images of celebrities after a cloud hack has highlighted the need for greater awareness of hosted security

This article can also be found in the Premium Editorial Download: MicroScope: MicroScope: October 2014

The revelations that a hack has led to a flood of naked celebrity pictures hitting the internet is a timely reminder that the channel must promote security to users considering placing sensitive and personal data in the cloud.

The list of celebrities that have been hacked includes movie and music stars, with Jennifer Lawrencem Selena Gomez and Rihanna among them, with some nude images that they would rather have kept private now becoming public.

Although some stars have claimed that the images are fake some have confirmed that very sensitive photos are real and have slammed hackers for a violation of privacy.

The target for hackers appears to be Apple's iCloud system, which allows users to upload photos taken on an iPhone and iPad into the cloud, but the vendor has not confirmed this.

The response from security vendors has been to remind the channel of the need to make it clear to users that they need to think carefully about what sort of data is placed into the cloud.

“It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it. Once images and other data are uploaded to the cloud, it becomes much more difficult to control who has access to it, even if we think it is private," wrote Ken Westin, security analyst at Tripwire in a blog post.

"Although many cloud providers may encrypt the data communications between the device and the cloud, it does not mean that the image and data is encrypted when the data is at rest. If you can view the image in the cloud service, so can a hacker," he added.

Alex Fidgen, group director of MWR InfoSecurity, said that it was better to keep highly sensitive data off the cloud completely and for more users to be made to understand how some devices backup information to the cloud.

"Users should be aware that many devices will automatically upload photos and received messages to the cloud as a backup service. If the sensitive data is personal photos, people should consider turning backup off, using a different device to take such photos or at the very least, going into the cloud service after the fact and deleting the photos from there," he said.

Fidgen's other advice was to talk about the need for two-factor-authentication and the risk of people giving out passwords and then compromising their entire cloud security.

Read more on Data Protection Services