Phishing is the cell phone hack that ensnared Jennifer Lawrence and a few other celebrities.* They were sent emails telling them to reset their password. They clicked on a link, typed their old password, and entered a new one. These emails looked official, but in the case of Jennifer Lawrence, she was duped by an email sent from a Gmail account.
Another technique to gain access to a celebrity’s phone is through third party compromise. With Apple, this exploits the situation where the user has trusted a third party app that works with Apple’s cloud service to store your data on the Internet. The problem with trusting an application on your phone is that the software may gain access to your pictures, sometimes automatically. If the third party application can be exploited, this may grant a hacker access to your photos stored in the cloud.
Password guessing is another avenue. Several well-publicized crimes occurred using this technique. A strong password is super important, as is having a password for accessing your phone. Celebrities have lost their password-free phones, and all of their data has been compromised. If you’re famous and have a pet, its name is probably a poor password choice.
Social engineering is another lo-fi technique that can prove effective. This exploits the human weakness for being chatty with an official sounding cold caller. “Hi, this is Verizon calling” they might say, or “Hi, I’m with AT&T and we’ve got a problem, we noticed that you’re going to be traveling, can you please give us your itinerary, and by the way, maybe you’d like to setup a new pin?” If you want your X-trated pics to stay X Files, then listen to Mulder, and Trust No One.
*In August of 2014 nude images of Jennifer Lawrence as well as many other female celebrities were leaked. Source: Arthur, C. (2014, September 1). Nude Celebrity Picture Leak Looks Like Phishing Or Email Account Hack. The Guardian.