Article Lead Image

Apple doubles down on iCloud security

It hasn't been a great week for Apple... or some select iCloud users. 

 

Rob Price

Tech

Posted on Sep 5, 2014   Updated on May 30, 2021, 3:42 pm CDT

Following the leak of hundreds of intimate photos of dozens of high-profile female celebrities, Apple has announced that it will strengthen its security measures for its cloud storage platform iCloud.

The technology company has come under sustained criticism following the leak, often referred to as #CelebGate or “The Fappening.” Critics say that lax security measures made it easy for hackers to gain access to celebrities’ private photos, and while CEO Tim Cook maintains that none of the material was leaked from the company’s servers directly, the changes are a tacit acknowledgement that Apple’s systems have been in some ways lacking.

For the first time Apple will add security alerts, Cook confirmed to the Wall Street Journal, that will notify users whenever “someone tries to change an account password, restore iCloud data to a new device, or when a new device logs into the first time.” These alerts will come via both push notifications and emails. Previously, email alerts were only sent when a user attempted to log in from a new device, or tried to change the password.

Two-factor authentication will also be more aggressively promoted to Apple customers (right now, it’s nearly discouraged), requiring user sign-on from new devices to have access to a temporary code, throwing up another hurdle to unauthorized access to accounts. 

As Celebgate unfolded, Apple has steadfastly maintained that “none of the cases… [have]resulted from any breach in any of Apple’s systems,” and that “certain celebrity accounts were compromised by a very targeted attack on usernames, passwords, and security questions.”

In the wake of the leaks, Apple rushed to patch a recently-discovered flaw in the Find My iPhone feature that left devices vulnerable to “brute force” attacks, whereby an intruder tries thousands or even millions of possible passwords for an account without being locked out. The company has also recently forbidden developers from storing any user health data in iCloud.

H/T WSJ | Illustration by Jason Reed

 

Share this article
*First Published: Sep 5, 2014, 1:09 pm CDT