The recent theft of compromising celebrity photographs connected to Apple Inc.’s (NASDAQ:AAPL) iCloud server has many questioning the safety of iOS devices like iPhones and iPads, which have long been lauded for their highly encrypted software and hardware. Anonymous users on the image board 4Chan claimed to have hacked various iCloud accounts to obtain compromising photos of about 100 celebrities, including Avril Lavigne, Hayden Pannettiere, Kate Upton, Mary Elizabeth Winstead and Rihanna. Some of the celebrities involved in the leak have confirmed that the images are authentic.
The leak may have to do with a possible security vulnerability within Apple’s Find My iPhone service. The Cupertino, California, company has not confirmed the connection but announced it is investigating iCloud involvement in the hacks. The FBI is also investigating the incident.
Though security experts say a wide-scale hack of Apple’s iCloud is unlikely, the average iOS user can’t ever be too careful. If celebrities can have their private photos stolen, anyone can be victimized. But users can take measures to keep their iCould accounts safe. Here’s how:
Delete (compromising) photos from your Photo Stream. When trying to delete private photos from an iPhone or iPad, it’s not enough to just delete the photos from the camera’s album; users must also delete images from Photo Stream. Because of iCloud, when a user takes a photo on an iOS device, the image gets saved in both folders. While the camera’s album is where the images are saved on the device, Photo Stream is used to load images onto iCloud.
To delete images from Photo Stream on an iOS device, users must access Photos > Albums > Photo Stream, select the images to be deleted, then select the Trash icon and Delete [number] Photos. Users should keep in mind Photo Stream saves images for 30 days, so it's best to delete private images soon after they are taken.
Delete (compromising) photos from iPhoto. In addition to deleting private photos from their iOS devices, users should delete photos from their Mac computers as well. When connecting an iOS device to a Mac computer, various software such as iPhoto or Aperture may automatically save copies of images.
To delete images from iPhoto or Aperture on a Mac, users must open the program, select the photo or group of photos, press the delete key, and click delete. Users also should keep in mind that other external devices such as Apple TV or Windows PCs can also store images.
Disable Photo Stream. Turning off the Photo Stream on an iOS device will not only prevent images from being uploaded to iCloud but also delete any photos saved within Photo Stream on that device. To disable Photo Stream, users must access System Preferences > iCloud, sign into iCloud, access Account Details and turn off any options they don’t want synced to the cloud. In addition to Photo Stream, users can turn off options like mail, contacts, calendars, notes, documents/data and others.
Users should delete unwanted photos from iCloud before disabling Photo Stream, and also should disable Photo Stream on all iOS devices if they have more than one. If a user uses the same Apple ID for all devices and signs onto iCloud on a device that doesn’t have Photo Stream disabled, any photos on iCloud will sync to that device.
Keep iCloud turned off on your iOS device and computer. Keeping iCloud disabled on iOS devices would ensure the devices are not at all syncing with iCloud. To turn off iCloud, users must access Settings > iCloud and turn off any option that should not sync to the cloud. Turning off iCloud on a Mac computer is the same as disabling Photo Stream. Just select the Photos option. Windows users can also turn off iCloud features through Control Panel.
Users can also delete their iCloud account by accessing Settings > iCloud > Delete Account. This action will ensure iCloud will no longer back up any iOS data.
Make your iCloud password more secure. Let’s be real: If the password for your iCloud is “password,” you’re leaving your device extremely vulnerable. Changing the password to something easy to remember but difficult for someone else to guess is highly recommended. To change your password, users must access Manage Your Apple ID > Password and Security > Change Password. It is preferable to use long passwords that are a mix of numbers, symbols and capitalizations. Ideal passwords are at least 14 characters long, use terms that are not related, and replace certain letters with numbers or symbols (beardak0tast@arhip, for example). Users are advised to use a different password for each account.
Use two-step verification to sign in to iCloud. For extra security, users can implement Apple’s double-login feature for iCloud. It may be easy for an illicit someone to bypass one passcode but not two. The two-step verification requires users to put in the password after which Apple will send a code to another Apple device. Using the second passcode will allow a user to sign in to iCloud. Users will receive a new passcode with each attempt to sign into iCloud. To set up two-step verification, users must access Manage your Apple ID > Password and Security > Two-Step Verification and follow the directions to complete the process.
Turn off Find My iPhone. Since the security issue to this bug is believed to be within the Find My iPhone feature, it might be a good option to turn the feature off to make your iOS device more secure. To turn off Find My iPhone on an iOS device, users must access go to Settings > iCloud, then select turn off Find My [device]. On a Mac computer, users must access Apple menu > System Preferences > iCloud, then deselect Find My Mac.
Users should keep in mind that this feature will be off in the event that their iPhone is lost or stolen. However, they should be able to turn the feature back on remotely using their Apple ID on a different Apple device.