As you may have already read or seen, iCloud security has come under question after many accounts were targeted and hacked last week. Hackers were able to gain access to sensitive photographs of a number of female celebrities, including Jennifer Lawrence and Kate Upton amongst others, and leaked them online.
Tim Cook, CEO of Apple, denies the servers were to blame, suggesting hackers correctly answered security questions to obtain passwords or used a phishing scam to obtain user IDs and passwords to access the accounts. Many have criticised Apple’s security flaw, where anyone with your username and password can grab an Apple device and synchronize it with your iCloud account, gaining access to all your private files.
As a step toward strengthening iCloud security, Apple will now notify users via email when someone tries to restore iCloud data to a new device. Account password changes or logging in via unknown devices currently issues a notification as well, and Apple will use ‘two-factor’ authentication on a much wider scale, asking users for a password, an access key (provided during first time sign up) or a separate onetime code.
Apple plans to also make users more aware of the threats posed by hackers. Users will be encouraged to activate the two-step verification on the new iOS 8.
Derek Manky from Fortinet shares his thoughts in the video below, suggesting users should be more educated and aware of what exactly is being enabled on their devices when an application is running.