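A few days ago the "Oscar-winning actress nude photos go viral" incident spread across the Internet, and Apple issued an official response yesterday. Apple spokesperson Natalie Kerris said: "Apple takes users' privacy and security very seriously and is actively investigating this incident." It was also pointed out that the incident originated from hackers exploiting a vulnerability in iCloud's "Find my iPhone" to carry out a brute force attack and crack users' accounts.
There was a new development today, however: after 40 hours of in-depth investigation, Apple issued a formal response to the public. It said that the leak of the celebrities' nude photos was carried out through an intrusion method that is now common on the Internet, used to steal users' account names, passwords or security questions and then obtain the photos. Apple holds that the intrusion was not caused by a vulnerability in iCloud or Find My iPhone. Apple advises users to switch to stronger passwords and to enable two-step verification as soon as possible.
The following is Apple's official statement: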
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source.
Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at here.