- Kendall Jenner’s ‘cruel’ dog collar sparks online debate Thursday 8:04 PM
- All ‘The Witcher’ content you can gobble up once you finish the Netflix series Thursday 7:47 PM
- Tinder adding a ‘panic button’ for when dates go awry Thursday 6:14 PM
- Webcam footage of ‘Bigfoot’ shared by state government agency Thursday 5:47 PM
- Video shows that James Corden doesn’t drive Carpool Karaoke car—and fans feel betrayed Thursday 5:06 PM
- Video shows Julianne Hough screaming, writhing during physical therapy demo Thursday 4:47 PM
- Halsey accidentally called for another 9/11 Thursday 4:01 PM
- Lizzo’s Rolling Stone shoot criticized for cultural appropriation Thursday 3:19 PM
- Bloomberg’s broadband platform is 5 years behind his rivals Thursday 3:03 PM
- Hulu’s ‘Endlings’ is a smart sci-fi show for kids—and adults Thursday 1:42 PM
- Netflix’s ‘Pandemic’ drops right when we need to be worried most Thursday 1:20 PM
- TikTok signs licensing agreement with Merlin Thursday 12:19 PM
- Anime film ‘NiNoKuni’ falls apart with flimsy plotting Thursday 11:57 AM
- Cop who called for boycott of Beyoncé’s Super Bowl performance now says he’s Black Thursday 11:12 AM
- Uber, Lyft dragged for surging prices during mass shooting (updated) Thursday 11:06 AM
Apple investigating iCloud hack, starting by patching a major security flaw
If you’re Jennifer Lawrence, Apple is listening.
Apple has responded to Re/code on the leak of hundreds of seemingly legitimate nude celebrity photos that surfaced on 4chan over the weekend. The photos, seemingly confirmed by at least two of the victims, are thought to have been obtained through Apple’s cloud photo storage service, iCloud.
Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked.
— Mary E. Winstead (@M_E_Winstead) August 31, 2014
Thank you iCloud🍕💩
— Kirsten Dunst (@kirstendunst) September 1, 2014
In the brief statement, Apple noted that it takes the privacy of its users “very seriously” and that it would be “actively investigating” the situation. The company appears to have already quietly taken a few steps to patch vulnerabilities in its system. One, noted by the Next Web, is a hack called iBrute that takes advantage of flimsy security in Apple’s Find My iPhone service. Notably, Apple’s cloud login doesn’t lock a user out after a certain number of password attempts, inviting brute force attacks—automated programs that crack a password by guessing repeatedly.
Beyond that shocking security lapse (most systems shut out users after just a few failed login attempts) is the fact that Apple has never aggressively promoted its own version two-factor authentication for iCloud. Two-factor authentication requires a special freshly generated code, sent to a trusted device, in order for a user to log into a system from a new computer or mobile device.
It’s probably the best protection the average user can hope for against these kinds of attacks. While Google has very actively promoted two-factor authentication in recent years, Apple doesn’t publicize the powerful extra security step for its iCloud services.
Taylor Hatmaker has reported on the tech industry for nearly a decade, covering privacy and government. Most recently, she was the Debug editor of the Daily Dot. Prior to that, she was a staff writer and deputy editor at ReadWrite, a tech and business reporter for Yahoo News, and the senior editor of Tecca. Her editorial interests include censorship, digital activism, LGBTQ issues, and futurist consumer tech.