Apple Improves iCloud Security In Response To Celebrity Photo Leak

Friday, October 24th, 2014

In early September, hackers posted nude images of more than 100 celebrities, including Jennifer Lawrence, Kate Upton, Rihanna, Kim Kardashian and Kirsten Dunst, on the internet. The images were reportedly stolen from the celebrities’ iCloud accounts, so Apple was heavily criticized for the security breach. However, the company defended itself by saying that hackers used phishing techniques to steal data and that iCloud security was never compromised. Nevertheless, Apple has introduced several new security features to strengthen the security of iCloud accounts in response to the episode:

E-mails and Push Notifications

Users will now receive e-mails and push notifications whenever there is an attempt to access their iCloud accounts from a new location, change their iCloud passwords or back up their iCloud details on a new device or platform. As of now, users get emails (but not push notifications) when their iCloud password is changed or their account is used with a new device. Sending a notification when an iCloud backup is uploaded to a new device would allow users to change their passwords or alert Apple’s security team before someone causes real damage to their accounts.

2-step Verification for Apple’s iCloud Service

From now on, anyone who wants to make a change to their iCloud account will also need to supply the security code sent by Apple (to a trusted device such as an iPhone) in addition to entering their login credentials. 2-step verification is increasingly being used by many companies and service providers (for instance, email and social networking sites) as a way to provide secure access to their services. The 2-step verification provides unbreachable security since hackers would need to have access to both your phone and your login credentials in order to log into your account. And when you consider that Apple’s devices also provide biometric security (Touch ID) in addition to 2-step verification, you will appreciate how far Apple has gone in order to protect your data.

App-specific Passwords

This is yet another move to strengthen iCloud security since it would no longer be possible to access iCloud data from apps like MS Outlook or Thunderbird without supplying the correct app password. And since one iCloud account would support up to 25 app passwords at any given time, you would be able to use all your favorite apps without compromising on the security front.

One of the biggest criticisms leveled against Apple in the wake of the celebrity leak was that the company allowed anyone (even hackers) to guess passwords an unlimited number of times without account lockouts. This glaring security loophole was most probably used to steal data from celebrities, since hackers just needed to guess answers to password recovery questions through trial and error in order to gain access to their iCloud accounts. Apple has now plugged this loophole as well, so nobody would be able to gain access to your account through trial and error or through dictionary-based or brute-force attacks.
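The lockout described above only helps if every place a secret can be guessed counts against the same limit. The sketch below is an added example, not Apple's implementation (which the article does not describe): one per-account failure counter shared by the password check and the recovery-question check, with a lock period that doubles on each further failure. All names, thresholds and sample secrets are constructed for illustration.

```python
import hmac
import time

# Constructed sample data; a real service stores salted hashes, not plaintext.
SAMPLE_SECRETS = {"alice": {"password": "c0rrect-horse", "recovery_answer": "fido"}}


class GuessThrottle:
    """One failure counter per account, shared by every credential check."""

    def __init__(self, max_failures=5, base_lock_seconds=60, clock=time.monotonic):
        self.max_failures = max_failures
        self.base_lock_seconds = base_lock_seconds
        self.clock = clock
        self._state = {}  # account -> (failures, locked_until)

    def locked(self, account):
        _, locked_until = self._state.get(account, (0, 0.0))
        return self.clock() < locked_until

    def record(self, account, success):
        if success:
            self._state.pop(account, None)  # a correct secret resets the count
            return
        failures, locked_until = self._state.get(account, (0, 0.0))
        failures += 1
        if failures >= self.max_failures:
            # Lock period doubles for each failure past the threshold.
            extra = failures - self.max_failures
            locked_until = self.clock() + self.base_lock_seconds * 2 ** extra
        self._state[account] = (failures, locked_until)


def check_secret(throttle, account, channel, supplied):
    """channel is 'password' or 'recovery_answer'; both feed one counter."""
    if throttle.locked(account):
        return "locked"  # refuse before comparing, even if the guess is right
    expected = SAMPLE_SECRETS.get(account, {}).get(channel)
    ok = expected is not None and hmac.compare_digest(
        supplied.encode(), expected.encode())
    throttle.record(account, ok)
    return "ok" if ok else "denied"
```

Keying the counter on the account rather than on the endpoint is the point: a limit on password guesses alone leaves the recovery questions open to the same trial and error.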

