Apple enhances security features in iCloud

With just days to go before the highly anticipated iPhone 6 announcement, Apple has carefully threaded the needle in its public responses to the compromise of celebrity accounts, which resulted in a deluge of stolen photos being distributed all over the internet.

Apple has stated that its iCloud servers were not compromised, but it has indicated that some accounts may not have been adequately protected, for example through weak passwords and easy security questions. CEO Tim Cook further widened the blame blanket, suggesting that some account holders might have fallen for a phishing scam.

Since the story broke over the weekend, Apple patched a clear exploit in iCloud which allowed unlimited log-in attempts, a perfect target for a brute-force attack on user ID and password combinations. Apple has not stated, and probably will not, whether some of the compromised accounts were accessed in this manner.

While two-factor authentication might have provided some extra security, Apple admits that the majority of its customers do not use it. So raising awareness of it is, among other steps, part of the enhancements Apple plans to roll out to help customers protect their data.

In addition to more aggressively promoting two-factor authentication, Apple will also start alerting customers via email and iMessage when iCloud is asked to restore data to a new device. Alerts will also be sent when the user tries to log in from a new device for the first time. Even then, these notifications are arguably after-the-fact events, so the responsibility still lies with the user.
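The two server-side controls discussed above, a cap on failed log-in attempts and an alert on first sign-in from a new device, can be sketched as follows. This is an added example, not Apple's implementation; the class name, the threshold of 5 failures, the 60-second base lockout and the callback signatures are all assumptions chosen for illustration.

```python
import time
from collections import defaultdict

MAX_FAILURES = 5    # assumed threshold, not a value from the article
BASE_LOCKOUT = 60   # assumed seconds; doubles on each repeated lockout


class LoginGuard:
    """Caps failed sign-ins per account and alerts on new devices (illustrative)."""

    def __init__(self, check_password, notify, clock=time.time):
        self.check_password = check_password  # callable(account, password) -> bool
        self.notify = notify                  # callable(account, message)
        self.clock = clock
        self.failures = defaultdict(int)
        self.lockouts = defaultdict(int)
        self.locked_until = {}
        self.known_devices = defaultdict(set)

    def attempt(self, account, password, device_id):
        now = self.clock()
        if self.locked_until.get(account, 0) > now:
            # Refuse without checking the password, so guesses made
            # during a lockout reveal nothing about correctness.
            return "locked"
        if not self.check_password(account, password):
            self.failures[account] += 1
            if self.failures[account] >= MAX_FAILURES:
                self.lockouts[account] += 1
                delay = BASE_LOCKOUT * 2 ** (self.lockouts[account] - 1)
                self.locked_until[account] = now + delay
                self.failures[account] = 0
                self.notify(account, "repeated failed sign-ins; account locked")
            return "denied"
        self.failures[account] = 0
        if device_id not in self.known_devices[account]:
            self.known_devices[account].add(device_id)
            self.notify(account, f"sign-in from new device {device_id}")
        return "ok"


if __name__ == "__main__":
    creds = {"alice": "correct horse"}  # constructed sample credential store
    guard = LoginGuard(lambda a, p: creds.get(a) == p,
                       lambda a, m: print(f"ALERT to {a}: {m}"))
    for i in range(6):
        print(guard.attempt("alice", f"guess{i}", "laptop-1"))
    print(guard.attempt("alice", "correct horse", "laptop-1"))  # still locked
```

Per-account lockouts let anyone lock a victim out by failing on purpose, so production systems usually combine them with per-source throttling rather than relying on them alone.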

Some of these measures may seem like “Cybersecurity 101,” but we can all relate when such steps ultimately impede the user experience to the point where a customer simply will not use a given feature. Apple is working with the FBI, which is investigating the incident, which saw more than 100 iCloud accounts get side-stepped.

These are good first steps for Apple to take, but it will also need to find a way to adequately inform its customers through the user experience about how its cloud services work, what the risks and benefits are, and how to best protect data, pictures, and videos backed up to iCloud. This may be an opportunity to evolve the legalese from a "too long, didn't read" click-through and incorporate something more engaging.

For now, the newly announced measures will go into effect over the next two weeks.

sources: The Wall Street Journal and CBS News


29 Comments

1. GreekGeek

Posts: 1276; Member since: Mar 22, 2014

Yeah yeah yeah.......whatever Damage has been done, everybody's kinda paranoid right now

5. vincelongman

Posts: 5750; Member since: Feb 10, 2013

What if only non-famous people were involved? The media probably wouldn't have given it much coverage, so Apple might not have done anything about it

7. GreekGeek

Posts: 1276; Member since: Mar 22, 2014

There is a ''trading ring'' going on out there, Non-celebs = No Value. They basically trade these photos in exchange for another photo, cash or bitcoin. Why would they even bother hacking a Non-Celeb? Well unless he/she is rich of course, obviously for ransom/blackmail purposes

8. vincelongman

Posts: 5750; Member since: Feb 10, 2013

I know. But it still shows a double standard for famous vs non-famous people

35. wilsong17 unregistered

Wrong, how many government agents use the iCloud?

2. dmakun

Posts: 382; Member since: Jun 06, 2011

Medicine after death perhaps?

3. nlbates66

Posts: 328; Member since: Aug 15, 2012

They really should have stopped allowing infinite retries on their password system yonks ago.

4. GreekGeek

Posts: 1276; Member since: Mar 22, 2014

Tinfoil maisters, could it be that various Android OEMs and GOOGLE have funded this hacking? I mean, more than a week to go before the iPhone 6 unveiling and we have this really nasty scandal that doesn't favor Apple at all.

6. vincelongman

Posts: 5750; Member since: Feb 10, 2013

I doubt it, some of the celebs had Androids as well. I remember one of them had a Galaxy S5 (but she claimed her leaks were fake). And it wasn't actually a security breach, more the hacker took advantage of the celebs' poor passwords and security questions. And DropBox was hacked as well

9. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

If it is in the cloud, it is being bought and sold right now. Every single bit of data.

10. meanestgenius

Posts: 22492; Member since: May 28, 2014

So, Apple says their iCloud servers were not compromised, yet they issue "security enhancement features" to it? Liars, much? Apple and security DO NOT go hand in hand.

11. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

Apple is always full-of-shït when it comes to security. They purposefully put in all sorts of backdoor APIs because they share/sell all their data. Of course iFans will deny this, but the truth is the truth. "No, the analogy you propose is completely wrong. A better one is you having a door to your home that the manufacturer told you it’s safe to use, but somehow that door still resides inside the manufacturer’s compound and you enter your home through there everyday – and someone shows up with a gazillion keys and starts trying them one by one (the bruteforcing, if I’m being too subtle), but you can’t stop them as you don’t really own or control the door and even if you knew how, you still couldn’t really assess the real security of the system. And then the manufacturer comes out and says that even though your door was inside their compound beyond their systems, it’s still your fault since you didn’t order a better key that wouldn’t slowed down (not stop) the thief even though they could have (or at least should have) stopped the guy with many keys from keep trying to unlock your door." http://uncrunched.com/2014/09/02/apple-is-screwed-frappening/

12. meanestgenius

Posts: 22492; Member since: May 28, 2014

SMH...Apple really is full of sh!t when it comes to security....

13. Mxyzptlk unregistered

Just like your comment

14. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

"Of course iFans will deny this, but the truth is the truth."

16. meanestgenius

Posts: 22492; Member since: May 28, 2014

Just like you, ifanboy troll. You mad? Did I hit a nerve? Truth hurts, doesn't it troll?

15. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

There is a reason the NSA referred to iToys as Zombies. Or, was it iZombies?

18. dspkblympkbl

Posts: 52; Member since: May 23, 2013

I never trusted iCloud from the start, I had an incident where I couldn't send stuff down from iCloud to my iPad...I was like "hm...this smells funny" And to this day, it remains the case. You have to reset the iPad and restore from iCloud to get your stuff...not very user friendly. Then again, it's a free service from Apple...

21. hossamaltarawneh

Posts: 36; Member since: Oct 18, 2013

Just call BlackBerry they will fix it :)

22. meanestgenius

Posts: 22492; Member since: May 28, 2014

Indeed they will! Tim Cook needs to get on the phone with John Chen immediately to request the services of BlackBerry to secure their constantly-breached iProducts!

27. Sam4Note

Posts: 8; Member since: Sep 04, 2014

Isn't BB another American company? Aren't all major companies and corporations in America in cahoots with the NSA and stuff? I'm just speculating but it seems plausible

28. meanestgenius

Posts: 22492; Member since: May 28, 2014

What? BlackBerry is a CANADIAN company. A little research will defeat speculation every time. By the way, EVERYONE in tech, media, even the common man on the street knows that BlackBerry is a CANADIAN company. Where have you been living all of this time?

31. Sam4Note

Posts: 8; Member since: Sep 04, 2014

"Canada Country Canada is a country in North America consisting of ten provinces and three territories. Located in the northern part of the continent, it extends from the Atlantic to the Pacific and northward into the Arctic Ocean." Wikipedia North America isn't America? I'm confused....

34. meanestgenius

Posts: 22492; Member since: May 28, 2014

Time to take you to school: The UNITED STATES OF AMERICA resides within the CONTINENT of NORTH AMERICA, as does CANADA. Being that North America is a continent, and the USA and Canada are both SEPARATE COUNTRIES, they are a part of the CONTINENT of NORTH AMERICA. The US and Canada are totally INDEPENDENT of each other, separate governments and all. The NSA is an agency out of the USA, and thus has NOTHING TO DO with Canada. CONTINENTS are LARGER THAN countries. CONTINENTS are made up of COUNTRIES. Here endeth the lesson.

36. Sam4Note

Posts: 8; Member since: Sep 04, 2014

So it's a North American company ;)

39. meanestgenius

Posts: 22492; Member since: May 28, 2014

You're finally paying attention.

29. StanleyG88

Posts: 240; Member since: Mar 15, 2012

Brute force attacks in these situations are SO EASY to stop it is almost laughable that Apple was so lax in their efforts to provide adequate security. Their pure negligence in this area should cause them to be held accountable. 12-15 attempts are the MAXIMUM that should be allowed before the account holder is notified. Any password that can be guessed in 15 attempts is not a password.

37. jianni2

Posts: 2; Member since: Sep 07, 2014

The best security solution is for Apple to put the finger sensor on the iCloud account. They have to put it in, and then I don't think somebody can hack them. It's the better solution

38. hossamaltarawneh

Posts: 36; Member since: Oct 18, 2013

Biometric security would be cool, but what if the user wants to open it from other devices/computers? You still need a password and that's pretty easy to hack with iCloud
