Apple’s iCloud Hacking Scandal Drives More Users to Improve Security
While most of the media world is focused on Apple’s upcoming event on September 9, the company’s security policies have also recently been the subject of scrutiny. Last week, it emerged that many of the stolen celebrity photos that surfaced on the Internet had been obtained from victims’ iCloud accounts. While an initial report from coding website GitHub suggested that the photos were stolen by exploiting a vulnerability in the Find My iPhone service, Apple appeared to deny this claim in a subsequent press release.
“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” said Apple. “None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.”
However, amid ongoing criticism that the company had failed to take appropriate steps to protect users’ accounts, Apple went into damage control mode, with CEO Tim Cook further addressing the issue in an interview with The Wall Street Journal. Besides blaming hackers who were able to figure out usernames, passwords, and security questions for the affected accounts, Cook also noted that some users may have been the victims of phishing scams, in which users are tricked into revealing their login credentials.
In order to boost the company’s overall security, Cook noted that Apple will soon expand its two-step verification security feature, as well as activate a notification system that alerts users when someone is trying to change a password, restore iCloud data to a new device, or when a new device logs into an account.
Cook also admitted that Apple could have done a better job of making users aware of all of the security options that were already available. “When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook told the Journal. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”
It appears that regardless of any changes Apple is planning on implementing in the future, the iCloud hacking incident has already improved users’ overall online security practices. According to a recent survey that was commissioned by security firm Tresorit and conducted by YouGov, over one-third (35 percent) of American consumers have altered their online security measures following the widely publicized iCloud hacking incident, reports 9to5Mac.
Among respondents who claimed to have changed their online security measures after the iCloud hacks, 20 percent said they created a stronger password, 13 percent created different passwords for all their online accounts, and 11 percent regularly changed their passwords. Six percent of the respondents also claimed to have enabled two-step verification for all their online accounts. Other changes that respondents claimed to have made ranged from social media settings to the use of encrypted emails.
While it’s unknown how many of the respondents in this survey are Apple users, it appears that people are already starting to change how they think about online security, regardless of any changes that Apple makes. But this doesn’t mean that Apple is out of the woods yet. Some commentators have accused Apple of giving a “blame-the-victim” response to the incident by suggesting that some users didn’t create passwords that were strong enough or take advantage of the two-step verification security feature. It can be argued that making users fully aware of the best security practices or even making the strongest security measures the default setting is the company’s responsibility.
Others have noted that a notification system that alerts users when someone is trying to change a password does not really qualify as a security protection, since an account can be compromised and downloaded in a matter of minutes. In other words, a notification alert is the online security equivalent of shutting the barn door after the horse has bolted.
Finally, the iCloud hacking incident could also negatively affect the expected rollout of Apple’s mobile payments system. According to the latest rumors, the system may offer an especially strong level of security by transmitting financial information via a coded process known as “tokenization.” Perception is everything, and if consumers feel that Apple can’t keep its iCloud photos secure, they may be even more reluctant to trust the California-based company with their financial data.
Follow Nathanael on Twitter @ArnoldEtan_WSCS