iCloud security Stories September 18, 2014

Apple briefs Congress in its continuing effort to promote its privacy credentials

Politico reports that Apple briefed a Congressional committee on the security and privacy of its products following concerns raised by the celebrity nudes story.

A week after Apple rolled out new products that track users’ health and fitness, the company dispatched its executives to Capitol Hill to address emerging privacy and security concerns […]

Bud Tribble, the company’s chief technology officer, and Afshad Mistri, its health product manager, briefed the powerful House Energy and Commerce Committee, according to three congressional sources.

Apple is clearly focusing on communicating its commitment to securing user data. Tim Cook yesterday published a letter on the company’s website addressing the issue. Apple also added a new webpage specifically focusing on the security credentials of iOS, OS X and its cloud services.

While it now appears clear that the methods used to obtain celebrity nudes from iCloud were a combination of phishing and weak security questions rather than any fundamental weakness in the service itself, Apple will be keenly aware that perceptions matter as much as, if not more than, facts.


iCloud security Stories September 3, 2014

There are still many unknowns surrounding the leaked celebrity nudes. While Apple appears to have ruled out a theory that a Find My iPhone vulnerability allowed easy brute-force password attacks, some commentators are suggesting that the wording was sufficiently vague that this may indeed have been one route in. (Apple might be arguing that it’s not a breach if the correct password was required.)

But one thing does now appear clear: rather than a single hacker gaining wide access to iCloud, the photos were instead amassed over time by a number of different individuals likely using several different approaches. Phishing was doubtless one of them – some of the claimed emails from Apple are reasonably convincing to a non-techy person – but another was almost certainly to exploit one of the greatest weaknesses found in just about every online service, including iCloud: security questions.

[Update: Tim Cook has confirmed these were the two methods used] 
