Science and Tech


Apple's Plan To Improve Security After Celeb Nude Photo Leak

Apple CEO Tim Cook says the company will improve user security with push notifications and an aggressive campaign for two-factor authentication.
Posted at 9:19 AM, Sep 05, 2014

You're likely familiar with the recent iCloud hacking scandal that resulted in the theft of hundreds of nude celebrity photos, including those of actress Jennifer Lawrence. 

Apple responded to that issue in a statement, insisting "none of the cases ... resulted from any breach in any of Apple’s systems."

Other than letting users know it would be working with law enforcement and providing a few security tips, the press statement seemed to be the extent of Apple's response — a move, or lack there of, that elicited a negative response from the press.

Now Apple CEO Tim Cook in an interview with The Wall Street Journal has provided more insight into the theft and subsequent leak of the photographs. 

Cook told The Wall Street Journal the celebrity photos were stolen "when hackers correctly answered security questions to obtain their passwords, or when they were victimized by a phishing scam to obtain user IDs and passwords." 

Cook is basically telling us the hackers guessed dog names and favorite restaurants, instead of hacking into Apple's servers to gather login credentials. 

The outlet reports Apple will increase user security by alerting users through email and push notifications when account details are changed. Apple already notifies users of changes via email, but push notifications are the additional security. Users will be able to take immediate action by changing the account password, "or alerting Apple's security team." (Video via Apple)

Cook says the company will add the feature in two weeks. But the company isn't stopping there, in fact, Cook said he thinks Apple may have dropped the ball a bit.

As Fortune notes, the company will push for users to activate two-factor authentication, a tool that requires users to enter a code sent to a separate, trusted device like your iPhone before you can make changes to your account. Cook said Apple could have done a better job informing users of potential threats: "When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece."

A writer for 9to5Mac says the updated security features are a step in the right direction, because Apple "has the responsibility to take care of its customers."

The company is, after all, responsible for quite a few people's personal data. According to comScore, in the U.S. alone, more than 70 million people are using an iPhone.

Is Apple running a bit behind in ramping up its security? A writer for GigaOm seems to think so.

"Given that this stuff has been going on for a long time, with ordinary people as well as celebrities ... it’s unfortunate to say the least that Apple is only springing to action to this degree when a very high-profile case hits just before a major iPhone launch."

Apple executives aren't exactly known for taking interviews with the press. It's likely no coincidence Tim Cook chose to address the issue so publicly, ahead of Apple's Tuesday press event.