When the celebrity nudes story broke back in 2014, it was headline news in the mainstream media. The story was that ‘iCloud had been hacked.’ The truth, of course, was a little different. As we suspected at the time, and Apple later confirmed, the ‘hack’ wasn’t really any such thing. A combination of two techniques were used to gain access to the iCloud accounts.
First, phishing: sending emails designed to look like they were from Apple asking the celebrities to login to their accounts, and directing them to a fake website made to look like the real thing. Second, guessing the answers to security questions – something easier to do with celebrities given the amount of biographical information available in the public domain.
That’s not to say Apple was entirely blameless. iCloud did not, at the time, offer two-factor authentication. Given that an iCloud backup is a near-complete copy of all the data stored on an iPhone, that was something which should have been included from the start. But the bottom-line is that iCloud itself wasn’t really hacked in any meaningful sense of the word.
It was this week confirmed that phishing was the approach taken by the main offender in this case. In other words, nothing whatsoever to do with iCloud security. This news hasn’t resulted in a single headline in the mainstream media. The average non-tech person out there still believes ‘iCloud was hacked’ …
This isn’t just a theory on my part. I have non-tech friends who, when teasing me about my addiction to all things Apple (well, almost all things), still refer to the supposed hack even now.
Had the case been contested in court, it’s possible that it would have once more made the headlines, and that would have provided an opportunity for people to learn the truth. But because the person responsible has pleaded guilty and signed a plea agreement, it’s gone mostly unnoticed by the mainstream press.
That strikes me as something Apple ought to address. There are many millions of people out there who, to this day, believe that iCloud was hacked. That someone was able to break through Apple’s security and go rifling through as many accounts as they wanted. That’s a belief which damages Apple’s reputation, and were I Tim Cook, I’d be pretty keen to set the record straight with some high-profile interviews.
Cook would have no difficulty getting those opportunities. Especially right now, when iPhone security is headline news for other reasons.
The so-called Bendgate was another example where Apple did surprisingly little to respond to frankly silly allegations that got a lot of play in the mainstream media. Again, to this day there are plenty of people convinced that iPhones are weaker than competitor phones.
The reality, of course, is that Bendgate was mostly stupid. The ‘revelation’ was that if you apply a ridiculous amount of pressure to a large, thin gadget made from aluminum, it will bend.
Again, Apple was not entirely blameless. There did appear to be a specific weakness in the iPhone 6 Plus chassis where, if you happened to apply pressure at just the right (or wrong) point, it would bend more easily than otherwise. But something that was affecting tiny numbers of people, and which mostly applied to every competitor device out there, got massively blown out of proportion.
Apple did respond, but very quietly. It could have lined up a whole bunch of competitor devices and conducted public bend tests right on its front lawn, and it would have had TV cameras three deep. No-one would have been left in any doubt about the reality. But it didn’t.
I can understand a quiet response when something hasn’t really got much traction. Responding in such cases can do more harm than good, by drawing more attention to the issue than it had gotten beforehand. A variation on the Streisand Effect. But both Bendgate and the celebrity nudes stories were already in the headlines. By that point, correcting the misapprehensions could only have helped.
Perhaps Apple prefers to maintain a dignified silence, quietly stating the facts but not making any fuss. I can understand that as a philosophy, and it’s very much in keeping with what we see of Cook’s personality.
But there’s a second reason I think Apple should do much more in response to the celebrity nudes case: it would draw widespread attention to phishing attacks. It’s an opportunity to educate the non-tech public about a growing danger.
Sure, many phishing emails are still pathetic, with poor grammar and mis-spelled words, but I’ve seen some pretty convincing examples. Emails that closely replicate the format of genuine emails from Apple and other large companies, which contain stolen graphics and small-print and which display genuine URLs. They often lead to some very close copies of Apple’s own website, complete with header links to the real thing.
Now, you and I know that the displayed URL means nothing – it’s what shows up when you hover over it that matters. We also know other clues to check, such as being addressed by name and so on. And we know that the safest course is always to ignore the link altogether and login from our own bookmarks.
But many non-techies don’t know those things, and it’s not just Hollywood celebrities who have been taken in by convincing-looking phishing emails. Plenty of ordinary people have too. A high-profile response by Apple would serve the greater good of public education as well as undoing the damage to the company’s own reputation.
What’s your view? Is Apple right to adopt the dignified silence approach, or should it do more to defend its reputation against misleading claims? And in the specific case of the celebrity nudes case, should it consider the wider benefits of educating the public about the dangers of phishing? As ever, take our poll and share your thoughts in the comments.