Cook says Apple will roll out new iCloud security alerts, expand 2-step authentication after celebri
In response to a recently leaked cache of nude photos apparently stolen from celebrities' iCloud accounts, Apple CEO Tim Cook said the company plans to activate new security measures designed to thwart future attacks.
Speaking to The Wall Street Journal, Cook reiterated Apple's stance that iCloud was not breached before announcing new security protocols meant to give users a heads-up when changes are made to their accounts.
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," Cook said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
To add an extra layer of protection, Cook said Apple will start sending out email and push notification alerts when an attempt is made to restore iCloud data to another device. The protocol adds to current safety measures that push out similar messages when a password has been changed or a device is first linked to an iCloud account.
With the alerts in place, iCloud users can quickly react to potential breaches by closing off access or deleting files before a nefarious user has a chance to download potentially sensitive data.
As for Apple's current security measures, Cook thinks the company is doing well, pointing to the iPhone 5s' Touch ID fingerprint recognition feature and iCloud's two-step authentication protocol, which requires users enter both a password and a separate code sent to a trusted device prior to making account changes. Cook said the feature's coverage area will be widened with the release of iOS 8 to include iCloud access from mobile devices. Cook also said Apple will be proactively pushing the two-factor system in the future.
Last weekend, dozens of nude photos taken from iCloud accounts belonging to Jennifer Lawrence, Kate Upton, Ariana Grande and more were dumped on the Web after being collected through various corners of the Internet, including anonymous image board AnonIB. In the ensuing aftermath, Apple issued a statement denying hackers were able to breach iCloud security, instead blaming targeted attacks that have "become all too common on the Internet."
Apple will continue to work with authorities toward finding the culprit or culprits behind the attacks and subsequent mass data leak.
"We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are," Cook said.
Speaking to The Wall Street Journal, Cook reiterated Apple's stance that iCloud was not breached before announcing new security protocols meant to give users a heads-up when changes are made to their accounts.
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," Cook said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
To add an extra layer of protection, Cook said Apple will start sending out email and push notification alerts when an attempt is made to restore iCloud data to another device. The protocol adds to current safety measures that push out similar messages when a password has been changed or a device is first linked to an iCloud account.
With the alerts in place, iCloud users can quickly react to potential breaches by closing off access or deleting files before a nefarious user has a chance to download potentially sensitive data.
As for Apple's current security measures, Cook thinks the company is doing well, pointing to the iPhone 5s' Touch ID fingerprint recognition feature and iCloud's two-step authentication protocol, which requires users enter both a password and a separate code sent to a trusted device prior to making account changes. Cook said the feature's coverage area will be widened with the release of iOS 8 to include iCloud access from mobile devices. Cook also said Apple will be proactively pushing the two-factor system in the future.
Last weekend, dozens of nude photos taken from iCloud accounts belonging to Jennifer Lawrence, Kate Upton, Ariana Grande and more were dumped on the Web after being collected through various corners of the Internet, including anonymous image board AnonIB. In the ensuing aftermath, Apple issued a statement denying hackers were able to breach iCloud security, instead blaming targeted attacks that have "become all too common on the Internet."
Apple will continue to work with authorities toward finding the culprit or culprits behind the attacks and subsequent mass data leak.
"We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are," Cook said.
Comments
It's a start.
Agree. The silent download of backups from iCloud by law enforcement tools will also notify users now. I would also like an audit dashboard to see where devices are connecting from that are accessing my data. Seeing IPs being used where I am not would be something that I could easily spot. I think of this like a credit card statement. Being able to see where I used my card lets me see when someone else is playing me and using my card. I want the same for the cloud.
I believe it is Google that actually warned me one time about connecting to gmail from a very different address within a short period of time. I was out of the country, but used VPN back into the country as well as accessing it without VPN. They were concerned that I could not be in and out of the country at the same time. Not a Google fan at all, but that was a nice thing to warn me about.
...celebrity photo flap
You did that on purpose.
PLEASE tell me there won’t be any time during the keynote dedicated to this drivel.
Also, what about iOS 6-only devices?!
Facebook does something quite similar.
Nah, he’s right.
To add an extra layer of protection, Cook said Apple will start sending out email and push notification alerts when an attempt is made to restore iCloud data to another device. The protocol adds to current safety measures that push out similar messages when a password has been changed or a device is first linked to an iCloud account.
With the alerts in place, iCloud users can quickly react to potential breaches by closing off access or deleting files before a nefarious user has a chance to download potentially sensitive data.
Looks like I was too hasty. According to Apple, iCloud backups are encrypted, contrary to Mashable. And Cook did address expanding 2-factor authentication. I somehow missed that on my first read through. Whoops.Thanks Tim. Meanwhile I'll stock up on a little more AAPL before the dust settles
That's "photo fap".
This alone is worth the click…
Why would his bottom be censored? Everyone has a bottom. It’s not a naughty bit.
Everybody has breasts, but they sensor those on chicks
Cook says Apple to alert iCloud users of nude celebrity photos being deposited into their account.
I'm going to bed.
This is what I like about Cook. He's not afraid to say when they may have messed up (not necessarily saying that happened here) or where they can do better. Similar to what happened with Maps.
He's also not afraid to placate the public a bit. The truth is that there is zero proof that all those folks stuff came from iCloud. I believe Jennifer Lawrence is the only confirmed iCloud user in the bunch. The rest could have been Drop Box etc. And in Jennifer's case for all we know the source was a disgruntled employee who knew the log in info and decided to get back at her. Or a greedy current one with the same access.
But folks are screaming they should have more alerts so Tim will give it to them. Kind of like how Steve pointed out that the whole antenna gate thing was actually present on tons of phones but still gave folks free bumpers.