In the wake of the recent iCloud hacking, during which nude photographs of more than 100 celebrities were leaked, Apple is adding a new layer of security and authentication to its users’ iCloud accounts. In his first statement since the incident, Apple CEO Tim Cook said that the celebrities’ iCloud accounts were hacked because the hackers were able to correctly answer security questions to obtain their passwords. Phishing scams were also used to obtain users’ IDs and passwords. According to this Wall Street Journal article, he insisted that no Apple IDs and passwords were leaked from the company’s servers.
To make things a bit more difficult for hackers, every time a new, unregistered device tries to log into a user’s iCloud account for the first time, the user will be notified by email as well as through the push notification service. The user will also be notified when someone tries to change an account password or restore iCloud data to a new device. This extra security layer will be implemented within the next two weeks, after which users will start receiving security alerts and notifications. iCloud users will then have enough time to either quickly change their password or contact Apple’s security team.
As I have previously written, cloud storage services such as Google Drive, Dropbox and iCloud use more or less the same level of safeguarding technology, and brute-force attacks are normally difficult for hackers. There is only a remote possibility that they can access the information directly from the servers. Security is compromised because most people are not very cautious about keeping their sensitive information safe. Tim Cook admitted that the company should have been more proactive in educating its users, making them more aware of the dangers posed by hackers and encouraging them to create stronger passwords. According to him:
“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece. I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”
Since more and more people are using smart devices such as iPhones and iPads, it’s important that they are made aware of the implications of keeping their data on these devices as well as on cloud services. This is the job of service providers like Apple, Google and Dropbox. If double or even triple authentication is required, users should be educated about why it is worth going to all this trouble.