Apple bites back: Securing iCloud with alert messages

Apple bites back: Securing iCloud with alert messages
Apple intends to keep hackers away from client’s private data stored in iCloud’s database by using mail and push message security alerts, the company’s Chief Executive told WSJ. Apple denied the recent nude celebrity pics scandal was a security breach.

An iCloud user will be notified if someone tries to change the password to his or her cloud, if some electronic device is connecting to the service for the first time, or when restoring iCloud data to a new device, Apple’s Chief Executive Tim Cook revealed in an interview to the Wall Street Journal.

So far users only get an email notification when a password change attempt was registered by the system, or a personal cloud was logged into from an unknown Apple device for the first time. To date, restoring iCloud data has not been notified at all.

Apple is expected to start sending such notifications within two weeks, enabling users to regain control over their cloud immediately with a password change and by alerting Apple's security team.

Cook specifically stressed that the latest scandal with photographs of celebrities extracted from Apple’s iCloud databases and exposed on the web has nothing to do with breaching the company's servers and leaking Apple IDs and passwords from them.

“We want to do everything we can do to protect our customers, because we are as outraged, if not more so, than they are,” Cook said.

Apple Inc CEO Tim Cook (Reuters/Robert Galbraith)

The hackers who gained access to celebrities' iCloud accounts did it either through using phishing scam techniques, or by somehow correctly answering security questions to obtain user IDs and passwords.

Apple’s iCloud service has gained huge popularity among users worldwide as it allows for storing huge amounts of content, such as personal photographs, video clips etc. on the company’s servers, and have access to them from Apple smartphones and computers around the globe.

The security of cloud services has been an issue among IT security experts, but convenience and the almost unlimited storage capabilities of the cloud offset people’s personal data safety concerns.

Apple Inc. is continuing to improve its security services ahead of revealing the next-generation iPhone 6 smartphone next week. The company is following the global two-factor authentication trend, which needs not only an initial logon, but also requires filling in an additional verification code to secure the stored data, Cook said, also pointing out that the company has already introduced a fingerprint sensor in its iPhone 5S to enhance security.

The fingerprint sensor in Apple’s smartphones not only unlocks the device, but also integrates with personal finance management as it authorizes purchases.

Users who store private photos and data in cloud services very often neglect to protect their information with complicated passwords, because typing in complex strings of upper and lower case letters and digits over and over again is too burdensome.

Preventing future intrusions is a human rather than a technological thing, Tim Cook noted. Apple is working towards making people aware of hackers possibly targeting their accounts and the “importance of creating stronger and safer passwords,” WSJ said.

It appears that no technological gimmick can save someone from electronic and computer crimes, if elementary precautions are not taken when using the web.

“I think we have a responsibility to ratchet that up. That's not really an engineering thing,” Cook said.

“There's a well-understood tension between usability and security,” Ashkan Soltani, an independent security researcher, told WSJ. He stressed that new notifications “will do little to actually protect consumers' information since it only alerts you after the fact.”