Apple takes steps to increase iCloud security post-Fappening
It's not a phrase that Apple is using, but the Fappening is a word that very quickly entered the popular lexicon. Once the excitement and titillation factor died down after hundreds of private celebrity photos were leaked on the infamous 4chan (now with added DMCA policy!), attention turned to just how it fappened. Sorry, happened. Attention focused on Apple's security, and the company said it was undertaking an investigation into what it described as a targeted attack. CEO Tim Cook says that new account alerts are to be added to iCloud to help tighten security.
Speaking to the Wall Street Journal about the incident, Cook explained that celebrity accounts had been accessed as a result of phishing scams as well as hackers working out the answers to account security questions. He stressed the company's previous statement that there had not been a security breach and that no passwords had been leaked. Apple, like many other firms, offers a two-factor authentication option, but additional security measures will be introduced.
In the next couple of weeks, iCloud users will start to receive emails and push notifications when an attempt is made to change an account password, when someone tries to restore iCloud data to another device, and when a new device tries to access the account. With just days to go until the unveiling of the iPhone 6, Apple will be keen to divert attention from events such as the photo leaks. While the company is taking steps to bolster account security, Cook also acknowledges that there's more to be done:
When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece. I think we have a responsibility to ratchet that up. That's not really an engineering thing.
It's not yet clear what form facing up to this responsibility will take, but Apple is planning to push two-factor authentication to users more in the future.
Do you think Apple is doing enough? Will the introduction of push notifications really help to improve security?