How Does a Celeb’s Phone Get “Hacked”?
by Allison Ford
The headline, “Hacked cell phone pics!” really conjures up the image of electronic espionage and danger, doesn’t it? Especially when the end result is a cache of celebrity skin. Apparently “hacked” celeb phone pics are a thing now, but that doesn’t mean that there’s some roving band of electronic masterminds targeting Hollywood’s most helpless (and buxom) starlets.
So how, exactly, does a cell phone get “hacked”? Assuming, of course, that the pictures are real and not released by the celeb herself as a publicity stunt. According to my good friend who is himself a hacker (and unwilling to be named, for obvious reasons, but let’s call him “Vlad”), it’s wrong to say that these phones were “hacked.” “Leaked,” sure. “Accessed improperly,” definitely, but not exactly “hacked.” Headlines say “hacked” because it sounds newsy, but “hacking” implies a large-scale information breach on a systemic level, and what happened to these hapless celebs was, most likely, far more mundane. Here are four potential ways the world becomes blessed with celebrity sexts:
Scenario #1: Olivia Munn gets a new phone. When she takes the old phone to the store to trade it in, the unscrupulous clerk decides to do a little digging before tossing it on the junk pile. Whaddaya know? Olivia didn’t wipe the data, and there are some titty pics. The clerk then downloads the pictures and sells them. Voila—“hacked.”
Tabloids and gossip sites pay for tips and photos all the time. How else do you think pics of LiLo blowing rails of coke or stories about Ashton Kutcher hitting on a waitress ever see the light of day? Valets, receptionists, bartenders, and just about everyone else is willing to sell their story. Who says IT guys and phone salespeople are above it?
According to Vlad, there are more savvy ways to get the info, for a thief who knows where to look. Think of all the data stored on a typical smartphone—photos, contacts, emails, music, texts, etc. Some phones (like Blackberries) store the information on an internal memory card. Some, like Android devices and iPhones, also store that info on a centralized server, which is associated with a user account. To access anyone’s information, all you’d need to know is what kind of phone they have and their email address. Vlad says that most information compromised this way isn’t gained using fancy password-cracking software—it’s accessed by guessing the answers to the user’s security questions.
Scenario #2: A nerd would very much like to see Olivia Munn naked. According to a picture of her in this week’s Star, she carries an iPhone, which means that she has an Apple ID, tied to her email address. The nerd takes a few stabs at what her email address might be (email@example.com? firstname.lastname@example.org?), and then chooses to answer the security questions. With a quick Google, he can figure out what street Olivia grew up on, as well as the name of her paternal grandmother and her first grade teacher. He gains access to her Apple account, including her pictures, which he sells. Voila—“hacked.”
This is not a sophisticated strategy. All it takes is a little persistence, good search skills, and some time. (It’s also exactly what happened to Heather Morris, BTW.) If guessing Olivia’s email address didn’t work, the nerd could always refer to the email lists from high-profile hacks of sites like Zappos or Gawker. If she has an account with either of those sites, her address was made public. Easy peasy.
That’s not to say that some thefts aren’t sophisticated. Someone with real skills could access the info in any number of ways.
Scenario #3: A genuine hacker successfully compromises Twitter (or Facebook or any other website), implanting malicious code that silently installs a backdoor on the phone handset of any user who uses their phone to visit the site. The hacker then mines the data for celebrity accounts, using the backdoor to access Olivia’s phone remotely. He downloads and sells the photos. Voila—“hacked.”
The problem is, that’s a lot of trouble for a few dirty snaps. Also, this would be really hard, and hackers of this skill level aren’t motivated by nude pics. Real hackers want to say, “I’m the guy who cracked the air traffic control system,” not “I’m the guy who showed the world Scarlett Johansson’s butt.”
Of course, Vlad says, if you believe that the simplest explanation for anything is usually the correct one, there’s another possibility for how Olivia’s pics were made public.
Scenario #4: Olivia Munn sends sexy pics to her boyfriend Chris Pine. Chris shows the pics to a friend while out for lunch. When Chris gets up to go to the bathroom, the friend quickly emails himself the pics from Chris’s phone, and then sells them. Voila—“hacked.”
Or maybe Chris was the one who got the new phone, or maybe Chris leaked the pics himself. Who knows?
The fact is that most people—celebrities included—are fairly cavalier about their information security. There are a million avenues for someone to gain access to another person’s cell phone data, including ways that haven’t even been thought up yet. I don’t know exactly how Christina Hendricks, Olivia Munn, or Vanessa Hudgens had their information compromised, but the odds that the explanation involves serious spying are very low.
The moral of the story is: Be careful with the information you store on your phone. Don’t send anything electronically that you wouldn’t want the world to see. If you’re trading in an old device, for God’s sake erase all your data. And if any celebrities are reading this, maybe stop taking nude pictures of yourself.
Photo Source: andrewzmorningshow.com