Apple says iCloud not broken, that’s why they fixed it



Apple is denying there was anything wrong with iCloud yet they finally patched a gaping security flaw.

After a bevy of nude celebrity photos were stolen from iCloud accounts and posted on the web, Apple insisted that it wasn’t their fault, no one hacked their system, the celebs were careless about their passwords, the hackers didn’t take advantage of ‘find my iPhone’ and besides they fixed a gigantic security flaw within days of finding out about it…well, maybe a month or two after finding out about it…well, at least after somebody took advantage of the flaw anyway. So obviously it wasn’t Apple’s fault.


That’s a bit like saying ‘I categorically deny having anything to do with this and I promise never to do it again.’

The security issue that wasn’t Apple’s fault that they finally fixed after this whole mess hit the press was shockingly stupid and bordered on negligent. On most systems – at least those built by people who know even the most basic things about security – they only let you try to log in two or three times in a single login attempt. If you don’t enter the correct password or user name in those three attempts the system blocks you from trying again and usually prompts you to either answer additional security questions or offers to email your forgotten password to your email account.

This prevents a hacker from sitting at a keyboard all night trying hundreds of different passwords until they get lucky or, more likely, running an automated password guessing program that can cycle through thousands of different combinations of letters and numbers until it guesses the right one. These are known as brute force attacks. No subtlety at all – just keep guessing until you find a password that works. In fact a hacker group pointed this out last May and suggested using brute force attacks to hack iPhone and iCloud accounts. But Apple didn’t do anything about it until after someone exploited the flaw.
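To make the blocking procedure concrete, here is a small added example (not Apple's code and not from any report on the incident) of a per-account attempt limiter. The class name, the 15-minute lockout window and the in-memory storage are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 3            # the "two or three" tries the article mentions
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window, not from the article


class LoginLimiter:
    """Per-account failed-login counter with a temporary lockout."""

    def __init__(self, now=time.monotonic):
        self._now = now        # injectable clock so the lockout can be tested
        self._users = {}       # user -> (salt, password hash)
        self._failures = {}    # user -> (failed count, locked-until time)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        count, locked_until = self._failures.get(user, (0, 0.0))
        if self._now() < locked_until:
            return "locked"    # refused before the password is even checked
        # Unknown users get a dummy record so they are counted the same way.
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self._failures.pop(user, None)   # success clears the counter
            return "ok"
        count += 1
        if count >= MAX_ATTEMPTS:
            # Limit reached: start the lockout and reset the counter.
            self._failures[user] = (0, self._now() + LOCKOUT_SECONDS)
        else:
            self._failures[user] = (count, 0.0)
        return "denied"


def guesses_checked(limiter, user, guesses):
    """Count how many guesses in a run were actually compared to the password."""
    return sum(1 for g in guesses if limiter.login(user, g) != "locked")
```

With the limiter in place, a run of 50 guesses gets only three of them compared against the stored password; the rest are refused, and so is the correct password until the lockout expires.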

Apple didn’t have this simple blocking procedure in place when the celebs’ pictures were stolen so hackers could simply run a password guessing program over and over again until it found the celebrities’ iPhone passwords. And since the iPhone password is usually the same password used to access iCloud accounts (Apple support actually recommends you use the same Apple ID for both) …well, it’s pretty easy to put two and two together here.


Apple does allow users to set up a more secure process they call two-step verification (sometimes known as two-stage authentication) where it sends a text message to your iPhone when you try to log into your account and you have to enter that code number as well as your password. This helps mitigate hacking attempts since a hacker would need to have both your password and your iPhone. But this security feature is not implemented by default and according to some reports it actually takes days to activate.

In fact there are all sorts of security things in the world of Apple that aren’t activated unless the user goes out of their way to set them up and there are other things that could be risky that are activated by default and also require user intervention to turn them off.

Now if all those silly celebs had used better passwords and gone through all the steps necessary to activate two-step verification then perhaps none of this would have happened. Maybe they didn’t read the manual carefully enough…oh wait, the iPhone user guide doesn’t actually mention two-step verification anywhere. Well that’s not Apple’s fault is it?



Guy Wright

Guy Wright has been covering the technology space since the days when computers had cranks and networks were steam powered. He has been a writer and editor for many of the most influential publications over the years – publications that helped shape our current technological zeitgeist. He has lost count of the number of articles, blogs, reviews, rants, and books that he has published over the years, but he hasn’t stopped learning and writing about new things.

