If hackers gain access to your iCloud/Google Photos account, they could easily download all your photos without ever laying hands on your iPhone or iPad. And as we’ve seen time and time again, hackers can and do obtain passwords and break into such accounts.
Here are some tips on keeping yours safe from hackers.
Switch off automatic cloud backups on your phone.
You may not realize it, but by default, every photo you take on your iPhone is not only stored on the device itself – it is also uploaded to Apple’s iCloud, an online storage infrastructure for digital files. Apple says that the service is “built with industry-standard security practices and employs strict policies to protect your data.” However, it’s possible that the hacker who attained the latest batch of celebrity images did so by exploiting a weakness in the Apple system.
To turn off automatic iCloud sharing, you need to go into Settings, then iCloud, then scroll down to Photos and slide the option to Off. If you want to disable iCloud entirely, you need to go to the bottom of the menu and hit “delete account”.
On Android phones, photos can be backed up to the Google Plus cloud service, but this will be off when you first set up a Google account. However, if you’ve ever allowed automatic storage on any Google device linked to your account, that setting will be remembered on all subsequent hardware. You need to go into the Photos app, select General Settings, then slide Auto-Backup to Off.
Create proper passwords
Yes, this again. It’s possible that the photos secured during this latest hack were acquired through the brute-force method of repeatedly guessing a target’s password or security questions. If you’re storing data online, the advice from David Emm, part of the research and analysis team at Kaspersky, is to protect it behind a long, unique password that contains letters, numbers and symbols.
“It’s a perennial truism that humans are the weakest link in security,” he says. “Even with the most complex hacking attacks, targeting particular verticals or specific companies, the starting point is often delivering a phishing email at somebody or persuading them to click on a link or attachment. It’s humans who are the bridgehead. And when it comes to our personal safety, if we’re using weak passwords, or the same passwords across multiple sites, we’re playing into the hands of would-be attackers.”
Consider using “zero knowledge” cloud services
If you’re worried about the security of mainstream cloud storage services, consider using a “zero knowledge” solution like Wuala, Tresorit or Spider Oak. These sites encrypt all your data so it’s almost impossible for other people to view it – and importantly, the encryption happens locally on your machine, so even the staff at the company can’t access it or know your password.
Users may still have to exercise caution when sharing files stored on these services, however. Earlier this year, researchers at John Hopkins University published a report suggesting that data could still be vulnerable if shared over the cloud, rather than downloaded and sent directly in encrypted form to another user. Speaking to Network World recently, Spider Oak said that it advises customers to use its desktop app to share files rather than its web portal.
Encrypt photos on your own hard drives
If you’ve taken sensitive photos and want to keep hold of them, but are worried about what would happen if your laptop, tablet of smart phone is stolen, encrypting the files yourself is a good idea. “You can use Bitlocker, Microsoft’s built-in solution [The Mac equivalent is FileVault], or other encryption mechanisms,” says Emm. “We provide one ourselves, as do other data security providers. You can encrypt the whole drive or create specific repositories to hold sensitive data; you can then back it up to a USB drive so even if someone were to gain access to your computer, they couldn’t get at this data.”
Protecting your photos on Facebook
If you don’t want everyone on the planet to see the photos you post on Facebook you need to adjust the privacy settings. Log on to your account, then click on the padlock icon in the top righthand corner and select “who can see my stuff?” Click on that, and you’ll see and option titled “who can see my future posts?” Now choose “Friends” on the pulldown menu.
You can also customise settings every time you upload a new photo or album. In the “Update Status” window just to the left of the Post button, you can use the pulldown menu to select from Friends, Only me, or a custom privacy setting.
Finally, it’s worth going to the arrow menu in the top right of the Facebook window, selecting Settings > Security and then switching on Login Notifications, which tell you when someone is trying to access your account from an unknown browser, and Login Approvals which require you to enter a security code every time you access your account from a new device. This is also known as two-factor authentication, and is a good idea for other services such as Twitter and Dropbox.
Use private messaging apps to send sensitive photos from your smartphone
You’ve probably heard of Snapchat, the smartphone app that allows you to set a time limit on the photos you send to friends so that they erase automatically. There have been concerns over how secure these images are but there are other private messaging apps that claim to protect both messages and images, including Cyber Dust and Gryphn. These services both encrypt messages and files before sending, offer self-destruct capabilities on content, and claim to disable screen capture facilities on receiving handsets.
Consider only sharing photos directly
If there’s someone you want to share photos with, but are worried about storing them online or sending them via email, Instagram, Snapchat or similar, the best way is transferring them from device to device, perhaps via a USB stick. “This way the data goes literally from hand to hand,” says Emm. “And if you’re using an encrypted format and the stick drops out of your bag in a cafe, someone won’t be able to get at that data.”
Ultimately, as soon as your photos pass through the internet they are vulnerable to some extent – whether that means enclosing them in a text, or storing them online. “It’s always a good idea to think before you share,” says Emm. “Consider how embarrassed you would be if the provider was hacked or your content leaked. If it really is sensitive it’s best to exclude it from cloud services altogether.”