HAVE U SEEN MY PHONE?!

by Tiffany Rad

unnamed.png

What’s the worst that could happen if you hacked a celebrity’s phone? Asking for a friend...

As with any type of security, humans are the weakest link, so it’s way easier to get into systems by manipulating people than by actually writing code and finding a vulnerability. It can be both time consuming and expensive to do something heavily technical when the most effective way of getting into places or systems—or celebrity cell phones—is through people.

Phishing is the cell phone hack that ensnared Jennifer Lawrence and a few other celebrities.* They were sent emails telling them to reset their password. They clicked on a link, typed their old password, and entered a new one. These emails looked official, but in the case of Jennifer Lawrence, she was duped by an email sent from a Gmail account.

Another technique to gain access to a celebrity’s phone is through third party compromise. With Apple, this exploits the situation where the user has trusted a third party app that works with Apple’s cloud service to store your data on the Internet. The problem with trusting an application on your phone is that the software may gain access to your pictures, sometimes automatically. If the third party application can be exploited, this may grant a hacker access to your photos stored in the cloud.

Password guessing is another avenue. Several well-publicized crimes occurred using this technique. A strong password is super important, as is having a password for accessing your phone. Celebrities have lost their password-free phones, and all of their data has been compromised. If you’re famous and have a pet, its name is probably a poor password choice.

Social engineering is another lo-fi technique that can prove effective. This exploits the human weakness for being chatty with an official sounding cold caller. “Hi, this is Verizon calling” they might say, or “Hi, I’m with AT&T and we’ve got a problem, we noticed that you’re going to be traveling, can you please give us your itinerary, and by the way, maybe you’d like to setup a new pin?” If you want your X-trated pics to stay X Files, then listen to Mulder, and Trust No One.

*In August of 2014 nude images of Jennifer Lawrence as well as many other female celebrities were leaked. Source: Arthur, C. (2014, September 1). Nude Celebrity Picture Leak Looks Like Phishing Or Email Account Hack. The Guardian. 

image1
image1

Written by Tiffany Rad