The leak of private photographs of more than 100 American and British celebrities to online message board 4Chan confirms what was widely suspected – that in this day and age no cloud or operating system is entirely secure.
It was widely known that Android was vulnerable to malware, and that the US government was systematically accessing its citizens’ private information.
But to hear that a service provided by Apple – the world’s most respected consumer technology vendor – was susceptible to a breach, acted as a wake-up call to customers worldwide.
Chatroom transcripts show that “OriginalGuy”, a member of the gang who has now fled, boasted that the hacking of celebrity’s iCloud accounts “is the result of several months of long and hard work” and that “several people were in on it”.
With more than 800 million iCloud accounts worldwide, Apple has its work cut out to reiterate its previously squeaky clean security image.
CEO Tim Cook has promised that two-factor authentication – currently present on iTunes – will be implemented on iCloud accounts, and the next version of iOS. Without it, hackers were able to guess answers to security questions and gain access to the personal files on the iCloud.
Apple has pledged to send account holders emails and push notifications when someone attempts to change their password, restore iCloud data to a new device, or when a device logs into an account for the first time.
Cook was quick to deny that the iCloud’s security was to blame for the leaks, “When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook said. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”
He said hackers either correctly answered security questions in order to obtain the celebrity’s passwords or used a phishing scam to obtain user IDs and passwords to breach the accounts.
Whether or not it was user naivety that was the main factor in the breach, a brand like Apple that has been built on the idea of perfection must appreciate that the average user – especially a celebrity who spends their life in the spotlight – may not be as tech savvy as they should be.
As such, the decision to blame lack of user awareness on the leaks shows a certain arrogance – albeit one that has been earned with exceptional products – on the part of Apple, by refusing to acknowledge its own failings in protecting its customers.
The revelations will also come as a blow to Apple’s efforts to push Apple Pay, the company’s NFC-enabled service for mobile payment functions which is incorporated into the iPhone 6.
Although it is hard to fault Apple’s previous ‘good character’ in terms of security, their decision to shift the blame onto their users – who have suffered the indignity of having deeply personal information leaked to the world – is embarrassing.