Tim Cook says Apple will improve iCloud security following photo hacks

Scorpus


In an interview with The Wall Street Journal, Tim Cook has promised to improve the security of iCloud following the celebrity photo hacks that have made headlines throughout this week.

Cook said that the accounts of celebrities such as Jennifer Lawrence and Kate Upton were compromised through hackers correctly answering security questions or obtaining passwords through phishing scams. As was established previously, no breach of iCloud occurred to gather the photos.

Under the changes, Apple will now notify users more frequently of security-related matters. Users can expect emails and push notifications when someone logs into their account from a new device, restores an iCloud backup, or changes their password. The new system for these notifications will go live in two weeks' time, and will allow users to change their passwords immediately and notify Apple's security team.

Apple's two-factor authentication system will also be upgraded to cover iCloud. The company acknowledges that not many people use two-factor to protect their accounts, and will more aggressively encourage people to use it in the next version of iOS.

With the new security features, it should be much harder for someone to gain access to private photos without the user knowing. It won't outright prevent access to accounts - you'll still need to be smart with your security online - but it's definitely a step in the right direction.


 
Maybe I'm just jaded with Apple, but I read this as a reaction to the stock market drop of more than $4, and not as a "we care about your security" message.
 
I dislike Apple to the highest level but come on, people need to wake the hell up about security. If you are a celebrity and you use a weak password and the security questions you put in are available in your bio or your web page then don't cry when someone hacks your account. And why the hell do you put nude photos of yourself in the cloud??? Some people have no clue.
 
Maybe I'm just jaded with Apple, but I read this as a reaction to the stock market drop of more than $4, and not as a "we care about your security" message.

Unlikely. A minor short-term drop like that is meaningless both from a business and investing standpoint. As a matter of fact, $99.41-$96.80 is a daily demand level on AAPL. If anything, the drop has given Apple traders a reason to buy in/add on to their positions.

Cook is simply complying with the requirements of his job. Apple's service was breached by a brute force attack. Meaning, Apple didn't do its job properly. He has to apologize and restore confidence in their product. It's straight PR, unrelated to their stock performance.
 
Cook is simply complying with the requirements of his job. Apple's service was breached by a brute force attack. Meaning, Apple didn't do its job properly. He has to apologize and restore confidence in their product. It's straight PR, unrelated to their stock performance.
Is that true, really? I know there was that FindMyiPhone exploit that was patched, but I haven't seen anything to suggest that is how it happened. Cook's response also indicates that wasn't involved in this. What was involved was using publicly available information to get into accounts by answering security questions correctly.
 
But why waste money on beefing up security if they weren't hacked? Isn't profit sharing much more important to the big wigs? All big corporations are tarred with the same brush, they all tell you they take customer data security very, very seriously but yet they all sit on their fingers until they're well and truly hacked and have to offer red faced apologies before they act.
 
Is that true, really? I know there was that FindMyiPhone exploit that was patched, but I haven't seen anything to suggest that is how it happened. Cook's response also indicates that wasn't involved in this. What was involved was using publicly available information to get into accounts by answering security questions correctly.

The exploit took advantage of a lack of brute force protection on Apple's end. As you know, you only get so many attempts on most security systems before you are locked out and required to verify your identity. Apparently, Apple's system either lacked this feature or did not implement it effectively. This enabled the "hackers" to use the data they obtained on a trial and error basis, until they discovered the correct security entries.
 
@Skidmarksdeluxe They fixed the not locking out an account after multiple attempts and apparently that was found and fixed within 40 hours of this incident. If you want to stay as cynical as you are, you can still do that because I don't think spending 40 hours patching up something and then pledging to push harder for users to use 2-step authentication is really much of a cost issue.

The exploit took advantage of a lack of brute force protection on Apple's end. As you know, you only get so many attempts on most security systems before you are locked out and required to verify your identity. Apparently, Apple's system either lacked this feature or did not implement it effectively. This enabled the "hackers" to use the data they obtained on a trial and error basis, until they discovered the correct security entries.
I agree there, however I was under the understanding from reading about this all over, that there wasn't much trial and error. It was answering security questions for the accounts, and when you are a celebrity, the types of questions that are used in security questions have searchable answers. It was more of a celebrity research project than a 'dictionary' type brute force.
 
They fixed the not locking out an account after multiple attempts and apparently that was found and fixed within 40 hours of this incident. If you want to stay as cynical as you are, you can still do that because I don't think spending 40 hours patching up something and then pledging to push harder for users to use 2-step authentication is really much of a cost issue.
OK, if the simplest forum on the web has had the lockout feature for years, why shouldn't cynicism reign? This forum will lock you out after 3 (?) attempts. Another forum I belong to locks the account, then sends an email to warn you your account has had a hacking attempt made on it. My bank, my credit card companies, all have the lockout feature, and have had it for years.

You really should dial back your role as Techspot's chief Apple apologist, if only just a twitch.

Take me back to the days when men were men, celebrity "hacks" were feature length, and then put out on VHS tapes. (Tommy Lee Jones and Pam Anderson, "A Night in Paris", (Hilton, that is))
 
I ignore 95% of skid's remarks. He bashes Apple in threads that aren't even related to Apple. I'll be taking the weekend off, but for different reasons, have a ball.

Perhaps you see me as an 'apologist', I try (sometimes unsuccessfully) to just state the facts and leave everything else out. So many times people don't read the article, or just go off the headline and the intro sentence. A lot of that is due to how journalism now is click-bait. As a result, and this being such a PC centric forum, you get a lot of people spouting stuff that simply isn't true.
 
I agree there, however I was under the understanding from reading about this all over, that there wasn't much trial and error. It was answering security questions for the accounts, and when you are a celebrity, the types of questions that are used in security questions have searchable answers. It was more of a celebrity research project than a 'dictionary' type brute force.

That's accurate to what I've read, but, given the scope of the exploit (100+ actresses/celebrities), I suspect there was at least some use of a traditional dictionary type attack. As desperate as some guys can be, I have a hard time believing someone would research 100+ celebs just for nudes. Though, this assumes 1) there were few agents and 2) the attacker wasn't paid.
 
I ignore 95% of skid's remarks. He bashes Apple in threads that aren't even related to Apple. I'll be taking the weekend off, but for different reasons, have a ball..
Speaking for myself I don't bash Apple on their product, be more on their fan base. In this case, if every iPhone user was susceptible to a brute force attack, then Apple could stand a bit of, "constructive criticism".

Besides, I've taken to loathing the CEOs of large companies, more than the companies themselves.

For example, every time Tim Cook, the Amazon CEO, or anyone from department heads on up at M$, open their mouths, my loathing begins.

When Ballmer was still around, I used to pray for old age to steal my hearing.
 
Besides, I've taken to loathing the CEOs of large companies, more than the companies themselves.

For example, every time Tim Cook, the Amazon CEO, or anyone from department heads on up at M$, open their mouths, my loathing begins.

You're a scorned former executive, aren't you? I always suspected corporate ran in your blood.
 
I read that there was no limit to how many attempts you had at entering your un and pw. That's not right at all if true.
 
I dislike Apple to the highest level but come on, people need to wake the hell up about security. If you are a celebrity and you use a weak password and the security questions you put in are available in your bio or your web page then don't cry when someone hacks your account. And why the hell do you put nude photos of yourself in the cloud??? Some people have no clue.

It's called rate limiting and it sounds like you have no clue what it is and how it applies to network security lol.
 
Just a hint to the celebrities. When they ask for your mother's middle name, you don't have to tell the truth. My mother's middle name is &64tghk just for the record.
 
"And in latest news, Tim Cook switched to Windows Phone for better security and protection of his data."
 
What I still can't get my head around, is why people that work around the finest studio cameras for a living, take and store nudes of themselves on some dumb iPhone in the first place. Maybe so they can get hacked, "accidentally on purpose"?
 
What I still can't get my head around, is why people that work around the finest studio cameras for a living, take and store nudes of themselves on some dumb iPhone in the first place. Maybe so they can get hacked, "accidentally on purpose"?

Beauty is generally inversely proportional to intelligence (raw and practical). You know this. They probably thought the stuff was secure simply because the label says so, not bothering to check the legal contract that refutes it.

That's what happens when you don't let your agent handle your gadgetry. Oversights are a *****. Or, in Kate Upton's case, probably not as fake as she would have people believe.
 
What I still can't get my head around, is why people that work around the finest studio cameras for a living, take and store nudes of themselves on some dumb iPhone in the first place. Maybe so they can get hacked, "accidentally on purpose"?

Agree, though many celebrities have done it on purpose such as Paris Hilton etc. Apparently letting people see your ugly pink bits or with white spray all over your face is a good career move.

What I find even harder to figure out is that anyone finds Rihanna attractive, as to me she looks like a deformed monkey on crack. And oh, that forehead....
 
Agree, though many celebrities have done it on purpose such as Paris Hilton etc. Apparently letting people see your ugly pink bits or with white spray all over your face is a good career move..
Perhaps, but you can't say Paris Hilton actually ever had a "career". Basically a flat a**ed Kim Kardashian with a much, much, richer father.
. Oversights are a *****. Or, in Kate Upton's case, probably not as fake as she would have people believe.
And speaking of the transient, rather fleeting nature of beauty, I kinda think Kate Upton, is the next Anna Nicole Smith on the hoof. She'll be modeling plus sizes before you know it. In the blink of an eye-xtra milkshake or two.
 