Apple is set to expand its iCloud security capabilities over the next two weeks in light of one of the most public breaches in history.
While CEO Tim Cook denies iCloud’s servers were breached in a coordinated attack that led to dozens of celebrities’ nude photos being posted to the internet, he acknowledged to the Wall Street Journal that more stringent notifications are necessary when attempting to restore backup data to a new device.
He said that the cause of the iCloud breach was a combination of the successful acquisition of users’ security question answers and phishing email links; iBrute, the exploit that allowed for an unlimited number of password guesses when access the iForgot API at a command line, was also likely involved.
Cook says that in the next two weeks, Apple will begin issuing push notifications and emails to users accessing various sections of the iCloud ecosystem. For example, password changed and iCloud restores will prompt a warning on both an iDevice and over email.
Two-factor authentication, which we highlighted as one of the key ways to keep cloud data safe, is only used by a small portion of the Apple user base, as most people don’t understand its inherent benefits.
Cook, who likely wanted to get out in front of the brand-damaging issue before next week’s iPhone announcement, said, “We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are.”
iOS 8 will add two-factor authentication access to iCloud on a mobile device, as Apple plans to expand its usefulness by explicitly making files and folders available for the first time.
[source]Wall Street Journal[/source]