Apple Will Impose Tougher Security After Celeb Photo Hack


Apple CEO Tim Cook walks off stage after this year's WWDC presentation.

Apple CEO Tim Cook walks off stage after this year’s WWDC presentation. Justin Sullivan/Getty



After hackers lifted nude photos of Jennifer Lawrence, Kate Upton, and dozens of other celebrities from Apple’s iCloud service, company CEO Tim Cook says the company will make changes to the service in an effort to better protect users.


In a story published by The Wall Street Journal on Friday, Cook described how the photos were stolen, and how Apple plans to prevent a similar theft from occurring in the future. According to Cook, hackers were able to gain access to the victims’ passwords by correctly answering their security questions or by using phishing scams, a scenario many in the tech world already assumed to be the case.


In order to ensure such an attack doesn’t happen again, he said, Apple will begin alerting users anytime someone attempts to change a password, restore iCloud data to a new device, or log in on a new device for the first time. Cook also said that the next version of iOS will offer two-factor authentication for iCloud, which would require users to log in with a username and password, as well as a unique code that gets sent to the user’s phone every time he logs in. In the past, two-factor authentication did not protect iCloud backups. Though the feature will still be optional, Cook told the Journal that the next version of iOS will be much more explicit about encouraging users to activate it.


Other companies, such as Google, have taken similar measures on their own cloud services in an effort to protect users. But Apple is behind the curve—as are so many other online companies.


In fact, Apple may be more culpable than Cook lets on. Many now believe that the hack was enabled by a security flaw in Apple’s FindMyiPhone service, which allowed users infinite attempts at guessing passwords. On Monday, Engadget reported that the problem had been fixed. And yet, Apple has not fully acknowledged that the issue existed to begin with. This may be part of Apple’s plan to engender trust among users before it launches several new products next week.


What Cook does confess to, however, is that Apple has failed in the past to properly educate users on the importance of using tougher security. “When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” he told The Journal. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”


Maintaining a balance between tight data security and ease of use is a challenge for any tech company these days. As a recent WIRED story pointed out, the United States lacks any legal framework for how well these companies are expected to secure our data. And so, many of these companies choose to sacrifice some security measures in order to make their products and services easier for the average consumer to use.


Now it seems, Apple is beginning to realize that consumers are becoming just as interested in the security of their data as they are in the usability of the product. Still, some security experts say that what Cook is now proposing may not be enough to truly protect users. As Ashkan Soltani, an independent security researcher, told The Journal, sending users more notifications “will do little to actually protect consumers’ information since it only alerts you after the fact.”



No comments:

Post a Comment