Following celebrity hacks: Do you still trust iCloud?

The high-profile hacks earlier this week have put the security of online-storage services under much scrutiny by the public.

Social media users have expressed their distrust of one service in particular, Apple’s iCloud.

However, one expert says that most of the time the fault lies with the user.

“When we talk about hacking, the strategy is always to find the weakest link in the chain. The weakest link in the chain, 9 out of 10 times, is the user,” said Ali Khawaja, from the School of Business and Management at the American University of Sharjah.

The brute-force method, which Khawaja described as the “oldest strategy in the book,” has been proposed as the technique that might have been used in the high-profile hacks.

Using the brute-force method, hackers enter a plethora of combinations until they reach the correct password.

“You will get literally every single possible combination there,” Khawaja explained.

Hackers use special software that allows them to enter combinations faster than they could manually type it in.

“That is perhaps the most inefficient way to hack a system,” Khawaja said in a telephone interview.

Most computing systems have a “checks and balance” security measure that would lock out a user after an incorrect password has been entered a certain number of times, but Khawaja said finding a loophole in the system would allow a hacker to rapidly check different passwords.

If there is a scenario where a system does not have in place measures that would lock a user out after a number of failed attempts, “it would be very possible to just run the software an infinite amount of times [until] they eventually get to it,” he told Al Arabiya News.

Commenting on the celebrity hacks, Khawaja said the victims may have received messages containing “malware or a key lock software” in an attachment that “they should not have opened” that provided the hackers with the passwords.

While Moiz Mansoor, an IT specialist based in Montreal, agrees that more complex passwords are the only strategy that could decrease the risk of hacking, “the onus is really on the companies to make sure your data is safe,” he said in an email.

Security measures, like two-step verification, are “moot if there are other security holes [such as a vulnerability in an Android application] that can be exploited,” he told Al Arabiya News.
Following the criticism that followed the leaked photos, Apple said that the accounts were compromised “by a very targeted attack on user names, passwords and security questions.”

“None of the cases we have investigated have resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone,” the technology giant said in response to the speculation that clouded its services, especially iCloud.

The software that might have been used in the hacking does not really do the hacking, it only find the correct combination to enter as a password, “if the other system doesn’t have something in place to stop after a certain number of attempts, anyone could get in,” Khawaja said.

“That does not mean that iCloud was hacked, it also does not mean that any of these major servers were hacked,” he said.

“Irrespective of iCloud, any system is not perfect ... there is always a possibility, it might be .00001 percent but there’s no 100 percent [security],” he explained.

Two-step verification

In the statement, Apple called upon users to use the two-step verification method to heighten security.

While Mansoor said that Apple “has been surprisingly late in implementing it on [its] systems,” Khawaja said two-step verification may keep accounts more secure.

“Anytime you add multi-layers of security, it is always a good thing,” he said.

Regardless of the inconvenience that two-step passwords may cause to hackers, “with enough motivation, it is possible for a hacker to get access to a device that is receiving codes for two-factor authentication, in order to intercept them,” Mansoor warned.