Tim Cook vows to improve iCloud security, prevent future ‘nudegates’

Tim Cook on iCloud Security

One of the downsides of so many celebrities using your devices is that you’ll share the blame when anything privacy-related affects them. Apple’s iCloud services have been blamed for the hack that resulted in multiple celebrities having their nude pictures leaked all over the Internet, although Apple later revealed that it wasn’t a widespread iCloud hack that’s actually to blame for the huge personal data leak, but rather other factors that are independent from Apple’s iCloud security measures.

FROM EARLIER: Law enforcement iCloud hacking tool used in Jennifer Lawrence nude photos theft

However, this particular picture leak has hit Apple a few days before its most important announcement of the year, prompting Tim Cook to step in and promise in an interview with The Wall Street Journal even better security features to prevent similar iCloud leaks in the future.

“We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are,” Cook said.

In the following weeks, a new feature will be rolled out: Emails and push notifications will be sent to iTunes users when someone tries to change an account password, restore iCloud data to a new device, or log into an account for the first time, allowing the user to take immediate action when something isn’t right – that includes changing passwords and even alerting Apple’s security team.

Right now, users only get an email from Apple when a password change is detected and when a new device is used with an account for the first time, but not for any iCloud activity such as restoring data from a previous backup, an action that was likely used in the recent hack.

Furthermore, Apple will strongly encourage users to sign up for two-step verification logins, that can make the hackers’ jobs even more difficult when trying to get access to someone’s account. In iOS 8, which should be rolled out to compatible devices in the following weeks, two-factor verification will be enabled to cover access to iCloud accounts from a mobile device.

Most importantly, Cook wants to better inform Apple’s customers about the security practices in place, as the CEO thinks the company could have done more to raise awareness about personal data theft risks.

“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook said. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”

Apple’s top exec also revealed more details about how hackers managed to get access to the iTunes accounts of those celebrities, saying that they compromised accounts by correctly answering security questions to obtain passwords, or by phishing iTunes login credentials from a device. Cook further emphasized a point Apple made before, that the Apple IDs and passwords did not leak from the company’s servers.

Apple is about to introduce the iPhone 6 and iWatch, alongside brand new iOS 8 features that will need the user to trust the company with even more personal data including payment information, health information and home details, which explains why the company appears very interested in reinforcing iTunes and iCloud security and privacy protection, and why Tim Cook stepped up to the plate to deal with this particular PR problem before he introduces new products next week.

blog comments powered by Disqus