In light of the recent celebrity photo leak that apparently happened because of an iCloud security flaw, Apple CEO Tim Cook has said that the company will improve iCloud’s security features in order to prevent something like this from happening again and protect users from social engineers.
Speaking to the Wall Street Journal, Cook makes it clear that iCloud wasn’t hacked into during the celebrity photo leak, but was merely a work of social engineering, where “hackers” of sorts guess passwords and attempt to make it through the system posing as the real user of the account.
In an effort to cut down on social engineering hacks, Cook says that Apple will now begin to send out email and push notification alerts when an attempt is made to change iCloud account information, as well as alert users when hackers attempt to restore iCloud data to another device.
With these types of alerts that iCloud users will get, it could prevent something like the celeb photo leak from happening again, as it would alert users right away if their iCloud account is being tampered with and they can take action to stop any unauthorized activity in its tracks.
So when should users expect these security changes in iCloud to go into effect? Apple says it’ll be about two weeks before it rolls this feature out, which will also be the approximate rumored release date of iOS 8, so more than likely, this is a feature that will come with iOS 8, which means that this could require users to update to iOS 8 in order to receive these new iCloud alerts.
However, perhaps the most important thing that Apple could have done besides crank up its security measures for iCloud was to simply make its users aware that they need to have strong passwords and strong security questions so that they cannot be easily guessed by social engineers.
Cook also said that Apple plans to expand its use of two-factor authentication, which is a security measure that requires two different elements beyond just a simple password. Two-factor authentication requires the traditional password, as well as a physical aspect, such as the user’s iPhone that sends a confirmation code that the user then types in. Chances are, hackers don’t have your iPhone, so two-factor authentication is a great way to prevent hacks and other breaches.
In iOS 8, two-factor authentication will play a larger roll in iCloud, that way users have the option of making their could data safer. Of course, Apple says that a majority of users don’t even use two-factor authentication, but it’s easy to see why. It’s a feature that’s cumbersome and not really all that convenient, which is why it’s not used as much as it should be.
However, Apple will be encouraging more aggressively to get users to use two-factor authentication in iOS 8.
The recent celebrity photo leak had all eyes on Apple’s iCloud as the the service was said to be the target for the leaks, but both Apple and security experts made it clear that iCloud servers weren’t hacked into, nor did hackers bypass iCloud’d own security measures for blocking hackers out of its servers. Instead, the “hack” was merely just guessing passwords and working a little bit of social-engineering magic. In this case, both Apple and the user are a bit at fault.
As always, it’s important to reiterate that everyone should be using strong passwords for their online accounts, including accounts that have very sensitive information, like bank accounts and even NSFW photos stored in iCloud. Of course, we’d be surprised if this was the last time that iCloud was hacked like this, but it’s always important to stay a step ahead.