Apple says iCloud not broken, that’s why they fixed it



Apple is denying there was anything wrong with iCloud yet they finally patched a gaping security flaw.

After a bevy of nude celebrity photos were stolen from iCloud accounts and posted on the web, Apple insisted that it wasn’t their fault, no one hacked their system, the celebs were careless about their passwords, the hackers didn’t take advantage of ‘find my iPhone’ and besides they fixed a gigantic security flaw within days of finding out about it…well, maybe a month or two after finding out about it…well, at least after somebody took advantage of the flaw anyway. So obviously it wasn’t Apple’s fault.

That’s a bit like saying ‘I categorically deny having anything to do with this and I promise never to do it again.’

The security issue that wasn’t Apple’s fault that they finally fixed after this whole mess hit the press was shockingly stupid and bordered on negligent. Most systems – at least those built by people who know even the most basic things about security – only let you try to log in two or three times in a single login attempt. If you don’t enter the correct password or user name in those three attempts the system blocks you from trying again and usually prompts you to either answer additional security questions or offers to email your forgotten password to your email account.

This prevents a hacker from sitting at a keyboard all night trying hundreds of different passwords until they get lucky or, more likely, running an automated password guessing program that can cycle through thousands of different combinations of letters and numbers until it guesses the right one. These are known as brute force attacks. No subtlety at all – just keep guessing until you find a password that works. In fact a hacker group pointed this out last May and suggested using brute force attacks to hack iPhone and iCloud accounts. But Apple didn’t do anything about it until after someone exploited the flaw.
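To make that blocking rule concrete, here is an added sketch (not Apple's code and not from the original article) of a per-account limiter that refuses further tries after three failures. The names `LoginThrottle` and `guesses_evaluated` and the 15-minute lockout are assumptions made for illustration.

```python
import time

MAX_FAILURES = 3           # the article's "two or three" tries
LOCKOUT_SECONDS = 15 * 60  # assumed; the article gives no lockout length


class LoginThrottle:
    """Counts consecutive failed logins per account and locks after MAX_FAILURES."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}      # account -> consecutive failed attempts
        self._locked_until = {}  # account -> clock value when the lock ends

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self._clock() >= until:  # lock expired: start counting afresh
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password_ok):
        """password_ok is the result of the real credential check."""
        if self.is_locked(account):
            return "locked"  # even a correct guess is refused while locked
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= MAX_FAILURES:
            self._locked_until[account] = self._clock() + LOCKOUT_SECONDS
            return "locked"
        return "denied"


def guesses_evaluated(throttle, account, candidates, real_password):
    """How many guesses from a list the server actually compares before locking."""
    evaluated = 0
    for guess in candidates:
        if throttle.is_locked(account):
            break
        evaluated += 1
        if throttle.attempt(account, guess == real_password) == "ok":
            break
    return evaluated
```

Fed a constructed list of 1,000 candidate passwords, the limiter compares only three of them before the account locks, which is what turns an all-night guessing run into a dead end.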

Apple didn’t have this simple blocking procedure in place when the celebs’ pictures were stolen so hackers could simply run a password guessing program over and over again until it found the celebrities’ iPhone passwords. And since the iPhone password is usually the same password used to access iCloud accounts (Apple support actually recommends you use the same Apple ID for both) …well, it’s pretty easy to put two and two together here.

Apple does allow users to set up a more secure process they call two-step verification (sometimes known as two-stage authentication) where it sends a text message to your iPhone when you try to log into your account and you have to enter that code number as well as your password. This helps mitigate hacking attempts since a hacker would need to have both your password and your iPhone. But this security feature is not implemented by default and according to some reports it actually takes days to activate.

In fact there are all sorts of security things in the world of Apple that aren’t activated unless the user goes out of their way to set them up and there are other things that could be risky that are activated by default and also require user intervention to turn them off.

Now if all those silly celebs had used better passwords and gone through all the steps necessary to activate two-step verification then perhaps none of this would have happened. Maybe they didn’t read the manual carefully enough…oh wait, the iPhone user guide doesn’t actually mention two-step verification anywhere. Well that’s not Apple’s fault is it?



Guy Wright

Guy Wright has been covering the technology space since the days when computers had cranks and networks were steam powered. He has been a writer and editor for more years than he cares to admit.

