September 8, 2014
Apple CEO Tim Cook confirmed that the hackers responsible for recently leaking nude photos of celebrities were able to break into the celebrities’ iCloud accounts. The company plans to add additional security alerts to help prevent future security breaches. In the next two weeks, Apple users will start receiving notifications when someone tries to change an account password, restore iCloud data to a new device, or when a new device logs onto the account for the first time.
Currently, iCloud users are only notified when someone tries to change a password or log in with a new Apple device. According to The Wall Street Journal, Cook “denied that a lax attitude toward security had allowed hackers to post nude photos of celebrities.”
The hackers did not obtain Apple IDs and passwords from the company’s servers. Rather, they got them by correctly answering security questions or tricking celebrities into handing over passwords through a phishing scam email.
In addition to the new security alerts, Apple will also try to push one of its lesser-known security features, the “two-factor authentication.” This feature requires users to provide the correct password and a separate one-time access code to log into their Apple accounts. Two-factor authentication is not widely used among Apple devices, but the company will try to encourage more people to turn on the feature in the next version of iOS, which is expected to launch later this month.
Security experts still believe that Apple could do more to protect their users’ information. Sending push notifications and emails after the fact will only help minimize the damage, according to independent security researcher Ashkan Soltani.
“There’s a well-understood tension between usability and security,” he said. “More often than not, Apple chooses to err on the side of usability to make it easier for the user that gets locked out from their kid’s baby photos than to employ strong protections for the high-risk individuals.”
Apple is still working with law enforcement to investigate the case of leaked celebrity photos, according to The New York Times. The nude photos of celebrities such as Jennifer Lawrence and Kate Upton were circulated all over the Internet during Labor Day weekend.