Apple CEO Tim Cook Promises Major iCloud Security Improvements

Apple CEO Tim Cook Promises Major iCloud Security Improvements

Apple CEO Tim Cook has spoken out for the first time since hackers leaked hundreds of nude celebrity photos off iCloud last week. The good news: there are very real security improvements coming to iCloud in as little as two weeks.

In an interview with The Wall Street Journal, Cook acknowledges that the iCloud accounts of targeted celebrities were compromised when hackers correctly guessed the answers to their security questions to obtain their passwords, or when they were victimised by a phishing scam. Reiterating a statement that Apple put out earlier this week, Cook emphasised that none of the Apple IDs and password leaked from the company's servers.

"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."

Here is what Apple is going to do to protect your data, says Cook:

  • Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for restoring iCloud data.

This, as we pointed out, has long been a glaring hole in iCloud's security. Mashable's Christina Warren was able to exploit the same flaw to hack her own iCloud account.


Comments

    Yeah, the fact that everyone (with expertise in the relevant field) knew that this was a hole in the way Apple handled security is exactly why I argue that companies like Apple, Dropbox, and so on should not be able to indemnify against stuff being nabbed from their service if they are not implementing best practice security measures.

    Awesome , so if your watching your email 24/7 you will be alerted that someone is in the process of backing up from your ICloud storage.

    Guessing if your not online looking at your email , possibly in the middle of sleeping , cooking , working , showering , playing sport , reading a book , having sex , drinking beer , then you might not be able to do anything until your data is already compromised.

    Outstanding security enhancements if you ask me.

      It won't just be email. Most likely a push notification on an internet enabled idevice with the email as a last resort, plus a push to make people adopt two step authentication rather than the old systems

      Last edited 05/09/14 11:16 pm

    Great that Apple are finally doing this, not sure why its take a problem like this to get it done. Question i have though is why hadn't Apple done this when they introduced 2 Factor in the first place. I was really happy to hear 2 factor was now available with Apple but confused that it only covered certain things.

    Other question is for the celebs, if the hackers got in via crappy passwords or guessing security questions, did they have crappy passwords and did they have 2 factor enabled. If not why, got so many advisers to tell them what to say, what to wear, yet no one said how to secure your icloud properly.

    Last edited 05/09/14 4:21 pm

      Great that Apple are finally doing this, not sure why its take a problem like this to get it done.
      It always happens like this, if you remember it took Adobe's 40 million customers to become victims (including me) of hackers before they took measures which includes encrypting passwords and brute force protection on all their systems.

      Question i have though is why hadn't Apple done this when they introduced 2 Factor in the first place.
      I'm not going word-for-word but Apple said something like: It would have been a very unnecessary step for users to have to authenticate twice on their desktop PC which takes time when they could simply ensure their login details are correct.

      I was really happy to hear 2 factor was now available with Apple but confused that it only covered certain things.
      As above, I absolutely must have 2 step auth on any service I use, currently the only service I don't use it on is Facebook but that's because I can't log into Cydia so rather than disable it on Google I chose Facebook because it tells me when I'm signed into another location which Google don't.

      did they have crappy passwords and did they have 2 factor enabled
      Yes and no, remember that 2 factor auth doesn't take affect on the Windows iCloud client therefore even with it on their shitty passwords allowed them to be targeted far easier. Also it wasn't their iCloud passwords that were compromised but there email accounts.

      If not why, got so many advisers to tell them what to say, what to wear, yet no one said how to secure your icloud properly.
      Hollywood man, you really think they pay them so they can tell them how to live their lives online? That's why they pay people in the CGI department to create those crappy scenes which everyday people think are advanced but in reality are simple.

      Last edited 05/09/14 5:15 pm

    Lol Apple not a good time to be getting bad press when you're next iPhone announcement is just around the corner!

    i remember words like
    - Mac is unhackable
    - There are no viruses for mac
    - Mac makes all their stuff perfect.

    the moment mac becomes a big player and they start making more than just a simple operating system their shit starts falling over left right and centre.
    - phones with exploding batteries
    - Updates that kill wifi and 4g

    ohhh poor mac.. now you are in just as much doo doo as windows ever was

Join the discussion!

Trending Stories Right Now