Skip to main content

iCloud security

See All Stories
Site default logo image

Apple briefs Congress in its continuing effort to promote its privacy credentials

Politico reports that Apple briefed a Congressional committee on the security and privacy of its products following concerns raised by the celebrity nudes story.

A week after Apple rolled out new products that track users’ health and fitness, the company dispatched its executives to Capitol Hill to address emerging privacy and security concerns […]

Bud Tribble, the company’s chief technology officer, and Afshad Mistri, its health product manager, briefed the powerful House Energy and Commerce Committee, according to three congressional sources.

Apple is clearly focusing on communicating its commitment to securing user data. Tim Cook yesterday published a letter on the company’s website addressing the issue. Apple also added a new webpage specifically focusing on the security credentials of iOS, OS X and its cloud services.

While it now appears clear that the methods used to obtain celebrity nudes from iCloud were a combination of phishing and weak security questions rather than any fundamental weakness in the service itself, Apple will be keenly aware that perceptions matter as much as, if not more than, facts.

Photo credit: Wikipedia

Opinion: After the celebrity hacks, the vulnerability that still exists and what needs to be done

Site default logo image

There are still many unknowns surrounding the leaked celebrity nudes. While Apple appears to have ruled out a theory that a Find My iPhone vulnerability allowed easy brute-force password attacks, some commentators are suggesting that the wording was sufficiently vague that this may indeed have been one route in. (Apple might be arguing that it’s not a breach if the correct password was required.)

But one thing does now appear clear: rather than a single hacker gaining wide access to iCloud, the photos were instead amassed over time by a number of different individuals likely using several different approaches. Phishing was doubtless one of them – some of the claimed emails from Apple are reasonably convincing to a non-techy person – but another was almost certainly to exploit one of the greatest weaknesses found in just about every online service, including iCloud: security questions.

[Update: Tim Cook has confirmed these were the two methods used] 


Expand
Expanding
Close

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications