Three Ways Your Personal Photos Are Vulnerable To Hackers

Three Ways Your Personal Photos Are Vulnerable To Hackers

Recent reports of celebrities having nude or risqué photos of themselves leaked online highlights the serious risk of hackers getting access to our personal pictures.

Picture: Getty Images

While many of us take inane and uninteresting photos that we wouldn’t mind anyone seeing, some of us do like to share more interesting pictures with other individuals that we wouldn’t wish to be seen on the twitter feeds of millions. I am not personally interested in value judgements around taking nude pictures but I do appreciate the impact on those who have seen their intimate moments shared without their permission.

How were these pictures hacked? The reality is going to be the work of cyber-security and forensic experts to discover. But as there are now so many private photo streaming services, the potential for exposure becomes very likely.

There are three main ways your photos could be vulnerable to hackers.

Sharing passwords across different sites

One vulnerability is if you use the same password for more than one account online. Taking a look back to the Oleg Pliss hack in May, cyber-criminals managed to compromise iCloud by using indirect hacking, social engineering and innovative thinking.

Assuming people used the same password on more than one service, the hackers attacked another unrelated system then managed to systematically test each @icloud email account to see if they could get into the cloud with the same password.

The same applies to any other private photo storage or cloud-based account. The technology by itself is secure, but if you use the same passwords for multiple services and have been unknowingly part of an attack, then the rest is quite obvious.

Targeted attacks

Alternatively, you can fall victim to a targeted attack by being sent targeted emails, files or even given a memory stick with compromised files on it. It does not take too much effort to get a trojan keylogger onto someone’s computer if you really want to.

Once the keylogger is at work, it will send screen-shots of each mouse click, key stroke and other activities back to the hacker. Internet speed is now so advanced that you would not notice the traffic.

Public hotspots

Finally, if you have a laptop or smartphone with personal photos on it and use it on a public hotspot, there is the potential for compromise. Firesheep, among other applications, allows hackers to compromise any device on a public system.

The man-in-the-middle attack is an old compromise taught to many network engineers as a way of defending networks. It is not a complex process, and it deceives a wireless access point into letting one computer become the gateway for all devices on the network. This would allow hackers to see all traffic and therefore images being sent across the system.

What can you do?

There are steps you can take to reduce your vulnerability to attack. Consider where you store any pictures that you wouldn’t want the public to see. Consider how up-to-date your anti-malware software is and also what passwords you use on different systems. If you are using photo streaming services, check now to see if private photos are already at risk of being exposed to the internet.

If nothing else, the story of this mass leak of images has exposed how many of our own photographs are being unwittingly shared with cloud services which may be compromised. Whether we’re celebrities or nobodies, we must all be vigilant in protecting our private data in these increasingly insecure times.The ConversationAndrew Smith is Lecturer in Networking at The Open University. He does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

This article was originally published on The Conversation. Read the original article.


  • When watching the news coverage I remember one celeb remarked “But I had deleted those ages ago”. When you have automatic cloud backup enabled on your device the backed up photo will not be deleted. People think that deleting the copy on their phone is sufficient and forget about the copy stored in the Cloud.

    There has also been some really bad reporting on this. One person that was interviewed on The Project was talking about the hackers hacking into the celebs personal phones and how it is scary that your phone can just be compromised via the internet in that way. That hasn’t happened at all here.

    • Here’s an idea – how about those automatic uploads have a pending option as default, and the user has to approve the upload before it happens. Allows those “heat of the moment” photos, which can then be deleted before they are uploaded. Amazing how sites like Facebook are taken to task over security and privacy issues, but no one bats an eyelid to Apple, Microsoft and even Google with the services they provide.

      Might be worth a follow up article Andrew on the terms and conditions almost all of us blindly click “accept” to see what they really absolve tech companies of. Or a great idea for a website that puts those disclaimers into plain English so people know what they are really getting into!

    • Yeah I saw that, but that’s the problem with those kind of shows. If the producers of the segment don’t properly brief them, the discussion often gets off point and irrelevant.

      I’m surprised the fact Apple hasnt been getting called into question over this. If I was JLAW or anyone I would have my lawyers focused on them.

Show more comments

Comments are closed.

Log in to comment on this story!