iOS Apple

Apple enhances security features in iCloud

Maxwell R. posted by Maxwell R.   /  Sep 05, 2014, 8:25 PM
Apple enhances security features in iCloud
With just days to go before the highly anticipated iPhone 6 announcement, Apple has carefully threaded the needle in its public responses to compromised celebrity accounts, resulting in a deluge of stolen photos being distributed all over the internet.

Apple has stated that its iCloud servers were not compromised, but it has indicated that some accounts may have not been adequately protected, such as, weak passwords and easy security questions. CEO Tim Cook further widened the blame blanket that some account holders might have fallen for a phishing scam.

Since the story broke over the weekend, Apple patched a clear exploit in iCloud which allowed unlimited log-in attempts, a perfect target for a brute force user ID and password combination attack. Apple has not stated, and probably will not, if some of the compromised accounts were accessed in this manner.

While two-factor authentication might have provided some extra security, Apple admits that the majority of its customers do not use it. So, awareness on that piece, among other steps, are part of the enhancements Apple plans to roll out in assisting customers protecting their data.

In addition to more aggressively promotion two-factor authentication, Apple will also start alerting customers via email and iMessage when iCloud is asked to restore data to a new device. Also, alerts will be sent when the user tries to log in from a new device for the first time. Even then, these notifications are arguably after-the-fact events, so the responsibility still lies with the user.

Some of these measures may seem like ā€œCybersecurity 101,ā€ but we can all relate when such steps ultimately impede the user experience to the point where a customer simply will not use a given feature. Apple is working with the FBI, which is investigating the incident which saw more than 100 iCloud accounts get side-stepped.

These are good first steps for Apple to take, but it will also need to find a way to adequately inform its customers through the user experience about how its cloud services work, what the risks and benefits are, and how to best protect data, pictures, and videos backed up to iCloud.  This may be an opportunity to evolve the legalese from a "too long, didn't read" click through, and incorporate something more engaging.

For now, the newly announced measures will go into effect over the next two weeks.

sources: The Wall Street Journal and CBS News

FEATURED VIDEO

Options

29 Comments

GreekGeek
Reply

1. GreekGeek

Posts: 1276; Member since: Mar 22, 2014

Yeah yeah yeah.......whatever Damage has been done, everybody's kinda paranoid right now

posted on Sep 05, 2014, 8:29 PM

vincelongman
Reply

5. vincelongman

Posts: 5750; Member since: Feb 10, 2013

What if only non famous people were involved? The media probably wouldnt have given it much coverage, so Apple might not have done anything about it

posted on Sep 05, 2014, 8:38 PM

GreekGeek
Reply

7. GreekGeek

Posts: 1276; Member since: Mar 22, 2014

There is a ''trading ring'' going on out there, Non-celebs = No Value. They basically trade these photos in exchange for another photo, cash or bitcoin. Why would they even bother hacking a Non-Celeb? Well unless he/she is rich of course, obviously for ransom/blackmail purposes

posted on Sep 05, 2014, 8:43 PM

vincelongman
Reply

8. vincelongman

Posts: 5750; Member since: Feb 10, 2013

I know But it still shows a double standard for famous vs non famous people

posted on Sep 05, 2014, 8:59 PM

wilsong17 unregistered
Reply

35. wilsong17 unregistered

Wrong how many government agent use the icloud

posted on Sep 06, 2014, 11:47 PM

dmakun
Reply

2. dmakun

Posts: 382; Member since: Jun 06, 2011

Medicine after death perhaps?

posted on Sep 05, 2014, 8:32 PM

nlbates66
Reply

3. nlbates66

Posts: 328; Member since: Aug 15, 2012

they really should have stopped allowing infinite retrys on their password system yonks ago.

posted on Sep 05, 2014, 8:34 PM

GreekGeek
Reply

4. GreekGeek

Posts: 1276; Member since: Mar 22, 2014

Tinfoil maisters, could it be that various Android OEMs and GOOGLE has funded this hacking? I mean, more than a week to go before the iPhone 6 unveiling and we have this really nasty scandal that doesn't favor Apple at all.

posted on Sep 05, 2014, 8:37 PM

vincelongman
Reply

6. vincelongman

Posts: 5750; Member since: Feb 10, 2013

I doubt it, some of the celebs had Androids as well I remember one of them had a Galaxy S5 (but she claimed her leaks were fake) And it wasn't actually a security beach, more the hacker took advantage of the celebs poor passwords and security questions And DropBox was hacked as well

posted on Sep 05, 2014, 8:40 PM

0xFFFF
Reply

9. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

If it is in the cloud, it is being bought and sold right now. Every single bit of data.

posted on Sep 05, 2014, 9:36 PM

meanestgenius
Reply

10. meanestgenius

Posts: 22492; Member since: May 28, 2014

So, Apple says their iCloud servers were not compromised, yet they issue "security enhancement features" to it? Liars, much? Apple and security DO NOT go hand in hand.

posted on Sep 05, 2014, 9:50 PM

0xFFFF
Reply

11. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

Apple is always full-of-shït when it comes to security. They purposefully put in all sorts of backdoor APIs because they share/sell all their data. Of course iFans will deny this, but the truth is the truth. "No, the analogy you propose is completely wrong. A better one is you having a door to your home that the manufacturer told you itā€™s safe to use, but somehow that door still resides inside the manufacturerā€™s compound and you enter your home through there everyday ā€“ and someone shows up with a gazillion keys and starts trying them one by one (the bruteforcing, if Iā€™m being too subtle), but you canā€™t stop them as you donā€™t really own or control the door and even if you knew how, you still couldnā€™t really assess the real security of the system. And then the manufacturer comes out and says that even through your door was inside their compound beyond their systems, itā€™s still your fault since you didnā€™t order a better key that wouldnā€™t slowed down (not stop) the thief even though they could have (or at least should have) stopped the guy with many keys from keep trying to unlock your door." http://uncrunched.com/2014/09/02/apple-is-screwed-frappening/

posted on Sep 05, 2014, 10:18 PM

meanestgenius
Reply

12. meanestgenius

Posts: 22492; Member since: May 28, 2014

SMH...Apple really is full of sh!t when it comes to security....

posted on Sep 05, 2014, 10:22 PM

Mxyzptlk unregistered
Reply

13. Mxyzptlk unregistered

Just like your comment

posted on Sep 05, 2014, 10:47 PM

0xFFFF
Reply

14. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

"Of course iFans will deny this, but the truth is the truth."

posted on Sep 05, 2014, 10:51 PM

meanestgenius
Reply

16. meanestgenius

Posts: 22492; Member since: May 28, 2014

Just like you, ifanboy troll. You mad? Did I hit a nerve? Truth hurts, doesn't it troll?

posted on Sep 05, 2014, 11:09 PM

Droid_X_Doug
Reply

15. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

There is a reason the NSA referred to iToys as Zombies. Or, was it iZombies?

posted on Sep 05, 2014, 11:06 PM

dspkblympkbl
Reply

18. dspkblympkbl

Posts: 52; Member since: May 23, 2013

I never trusted icloud from the start, I had an incident where I couldn't sent stuff down from icloud to my ipad...I was like "hm...this smells funny" And to this day, it remains the case. You have to reset the ipad and restore from icloud to get your stuff...not very user friendly. Then again, it's a free service from apple...

posted on Sep 06, 2014, 1:21 AM

hossamaltarawneh
Reply

21. hossamaltarawneh

Posts: 36; Member since: Oct 18, 2013

Just call BlackBerry they will fix it :)

posted on Sep 06, 2014, 3:46 AM

meanestgenius
Reply

22. meanestgenius

Posts: 22492; Member since: May 28, 2014

Indeed they will! Tim Cook needs to get on the phone with John Chen immediately to request the services of BlackBerry to secure their constantly-breached iProducts!

posted on Sep 06, 2014, 4:29 AM

Sam4Note
Reply

27. Sam4Note

Posts: 8; Member since: Sep 04, 2014

Isn't BB another American company? Aren't all major companies and corporations in America in cahoots with the NSA and stuff? I'm just speculating but it seems plausible

posted on Sep 06, 2014, 8:56 AM

meanestgenius
Reply

28. meanestgenius

Posts: 22492; Member since: May 28, 2014

What? BlackBerry is a CANADIAN company. A little research will defeat speculation every time. By the way, EVERYONE in tech, media, even the common man on the street knows that BlackBerry is a CANADIAN company. Where have you been living all of this time?

posted on Sep 06, 2014, 11:23 AM

Sam4Note
Reply

31. Sam4Note

Posts: 8; Member since: Sep 04, 2014

"Canada Country Canada is a country in North America consisting of ten provinces and three territories. Located in the northern part of the continent, it extends from the Atlantic to the Pacific and northward into the Arctic Ocean." Wikipedia North America isn't America? I'm confused....

posted on Sep 06, 2014, 2:16 PM

meanestgenius
Reply

34. meanestgenius

Posts: 22492; Member since: May 28, 2014

Time to take you to school: The UNITED STATES OF AMERICA resides within the CONTINENT of NORTH AMERICA, as does CANADA. Being that North America is a continent, and the USA and Canada are both SEPARATE COUNTRIES, they are apart of the CONTINENT of NORTH AMERICA. The US and Canada are totally INDEPENDENT of each other, separate governments and all. The NSA is an agency out of the USA, and thus has NOTHING TO DO with Canada. CONTINENTS are LARGER THAN countries. CONTINENTS are made up of COUNTRIES. Here endeth the lesson.

posted on Sep 06, 2014, 5:33 PM

Sam4Note
Reply

36. Sam4Note

Posts: 8; Member since: Sep 04, 2014

So its a North American company ;)

posted on Sep 07, 2014, 3:48 AM

meanestgenius
Reply

39. meanestgenius

Posts: 22492; Member since: May 28, 2014

You're finally paying attention.

posted on Sep 07, 2014, 12:52 PM

StanleyG88
Reply

29. StanleyG88

Posts: 240; Member since: Mar 15, 2012

Brute force attacks in these situations are SO EASY to stop it is almost laughable that Apple was to lax in their efforts to provide adequate security. Their pure negligence in this area should cause them to be held accountable. 12-15 attempts are the MAXIMUM that should be allowed before the account holder is notified. Any password that can be guessed in 15 attempts is not a password.

posted on Sep 06, 2014, 1:30 PM

jianni2
Reply

37. jianni2

Posts: 2; Member since: Sep 07, 2014

The best Security solution Is from Apple to put the finger sensor to put in the i cloud account , They have to put it and then i don't think can somebody hack them , Is the better solution

posted on Sep 07, 2014, 8:35 AM

hossamaltarawneh
Reply

38. hossamaltarawneh

Posts: 36; Member since: Oct 18, 2013

Biometric security would be cool, but what if the user want to open it from other devices/ computers? You still need a password and that pretty easy to hack with icloud

posted on Sep 07, 2014, 12:33 PM

view all comments
Want to comment? Please Log in or sign up.

Featured stories

These-are-the-Phones-We-Used-and-Loved-the-Most-in-2019
These are the phones we used and loved the most in 2019
phonearena-2019-awards-best-phones-of-the-year
PhoneArena 2019 Awards: Best phones of the year
apple-iphone-12-price-hike-2020
Apple's 2020 iPhones will be more expensive, but not by much
PhoneArena-2019-Awards-Best-Camera-Phones
PhoneArena 2019 Awards: Best Camera Phones
samsung-galaxy-s11-4500mah-battery
The standard Samsung Galaxy S11 will pack an even bigger battery than previously expected
galaxy-s11-leaks-samsung-exclusive-108MP-camera-sensor
The Galaxy S11 leaks in a test mule case, flaunting a Samsung-exclusive 108MP sensor
Trial-to-determine-fate-of-T-Mobile-Sprint-merger-starts-tomorrow
Fate of the T-Mobile-Sprint merger rests on a trial that begins tomorrow
Apple-to-name-iPhone-SE-sequel-iPhone-9
Apple's next handset will reportedly be the iPhone 9

Popular stories

t-mobile-sprint-merger-pricing-promises-undermined-lawsuit
T-Mobile's post-merger pricing commitments may have been undermined by Sprint exec
Download-FitbitOS-4.1-update-Versa-smartwatches
Fitbit OS 4.1 update rolling out to all compatible smartwatches in the US
T-Mobile-will-reportedly-lower-the-price-it-pays-for-Sprint
T-Mobile expected to revise lower the price it will pay for Sprint
108MP-camera-photos-xiaomi-mi-note-10-samsung-galaxy-s11
Testing this 108MP camera makes me wish the Samsung Galaxy S11 DOESN'T have one
sams-club-deals-gift-card-iphone-11-galaxy-note-10-more
Sam's Club is preparing another stunning deal on the latest iPhones and Samsung flagships
google-pixel-4-att-deal-new-line-monthly-installments
Here's how you can get Google's Pixel 4 at a measly $150 overall (no trade-in required)
Samsung-Galaxy-S11-Plus-battery-leak
The Samsung Galaxy S11+ battery has leaked and it's massive
galaxy-s11-leaks-samsung-exclusive-108MP-camera-sensor
The Galaxy S11 leaks in a test mule case, flaunting a Samsung-exclusive 108MP sensor

Hot phones

Latest Stories

View more
This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.