Apple should be held responsible for the iCloud hacks



With the recent spate of high-profile hacks you have to wonder who should be held accountable when someone makes a mistake that results in a system breach.

Even if the Apple iCloud fiasco was caused by weak passwords or phishing scams on the celebrities themselves Apple still left the security door wide open by not limiting login attempts. This meant that hackers could use brute force attacks to repeatedly guess user passwords over and over again until they hit upon the correct one.

I’m guessing that most people (including the celebrities who had their iCloud accounts hacked) don’t realize how fast even a standard desktop computer can run though literally tens of thousands of possible combinations per minute.

Most systems limit the number of login attempts before they stop the process and fall back on security questions, double-factor verification or simply ask the user if they have forgotten their password and offer to email it to them. Apple didn't implement this most basic of security features until after the celeb breach.

Someone at Apple screwed up here. But finding out who that particular person was could be extremely difficult – particularly because it wasn’t so much a bug but a feature that was never implemented. Either way someone at Apple should have known this was a flaw.

The problem was exacerbated by the fact that Apple touts just about everything they do as being easy and safe. For years Apple has boasted about the relatively few viruses there are on Macs. They’ve even taken a number of pot-shots at Microsoft over the years criticizing them for security flaws and crashes. Just recently Tim Cook said the Android market was rife with malware and unsafe apps (the implication was that apps in the Apple Store were all perfectly safe).

Apple wants people to believe that you don’t have to be a techie to use their products. They want people to think that using an iPhone, iPad or Mac is easier than using any other device.

But this also involves an implicit promise that Apple will take care of all the techie stuff for you and that includes protecting you and your data from any attack.

Now Apple can’t help it if someone reveals their password to someone else either out of sheer stupidity or by falling prey to some sort of scam, but not telling people about the ways they can protect themselves is another mistake.

Apple does offer double-factor verification, but only if the user actively enables it (it isn’t the default) but since it isn’t even mentioned in the iPhone manuals the user would have to somehow know what it is, dig deep into the online help to enable it and they would have to know that it even exists.

Apple needs to rethink how they can make everything easier for their customers – including security.



Guy Wright

Guy Wright has been covering the technology space since the days when computers had cranks and networks were steam powered. He has been a writer and editor for more years then he cares to admit.


More

IoT, its future and its impact on our lives

A radical change in our lives brought about by the Internet of Things – An overview

How to get your business through stormy weather

Having your own business is very rewarding in many ways, but it comes with a price. When you run your own business, no matter how big or small, you are responsible for yourself and the people that you employ, there is no monthly paycheck unless you provide for it. That is why having a solid financial base is crucial to keep your business alive if or when the going gets rough. There are lots of reasons your income or turnover could slack, not the right season, the economy is slow, there is a new and better product on the market or even new competition. In most cases, if you play your cards...

Natural remedies for Hiatal Hernia that you should follow

Exercise and a proper diet might help you avoid surgery