On a recent Wednesday evening, a university professor in a large town in western Germany was preparing several paintings to be sold through the British auction house Christie's. Using his iPhone, he took pictures of the inherited works at his home to upload to the company's website. Within a few weeks, the site promised, Christie's would give him an estimate of their value and tell him if it was interested in auctioning them.
But by uploading the images, he not only sent pictures of the pieces to Christie's, he also revealed their exact location for anyone to see online, according to two German cybersecurity researchers. Hundreds of other would-be Christie's clients, including Americans, were exposed to the same vulnerability, the two researchers, Martin Tschirsich and André Zilch, told The Washington Post.