Apple Beefing Up iCloud Security With New Alerts
The iCloud security scandal engulfing Apple just days before new iPhone 6 models and the iWatch are unveiled has now seen Apple CEO Tim Cook take charge and publicly announce new security measures in an interview with the Wall St Journal.
Mr Cook told the WSJ information did not leak from Apple servers, but that hackers were able to “correctly answer security questions” to reset passwords, or used phishing scams to target celebrities and others to trick them into divulging their Apple IDs and passwords.
Clearly, the ability to relatively easily reset passwords is a problem affecting not only Apple but many other online services, with a tough balancing act in place – how to keep genuine password resets easy for account owners but impenetrable for hackers?
Although Apple already notifies users when a new device logs into iMessage, as well as when a password change is attempted or a login is detected from an Apple device you haven’t used before, WSJ reports Apple did not notify its users when a device was restored using the data saved in iCloud servers, which will now change.
The new push notifications and email alerts for iCloud data restoration won’t start for a couple of weeks.
Reassuringly, WSJ reports Apple stating: “the new system will allow users to take action immediately, including changing the password to retake control of the account, or alerting Apple’s security team.”
However Mr Cook acknowledges in the interview that “Apple could have done more to make people aware of the dangers of hackers trying to target their accounts or the importance of creating stronger and safer passwords”, noting that “When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece. I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”
Mr Cook pointed to Apple’s Touch ID fingerprint sensor and says Apple will work to get more people using its two factor authentication security system which is currently optional.
The Company is working closely with law enforcement but refused to tell the Wall St Journal how many iCloud accounts had been compromised due to the ongoing investigation.