Apple says iCloud not broken, that’s why they fixed it



Apple is denying there was anything wrong with iCloud yet they finally patched a gaping security flaw.

After a bevy of nude celebrity photos were stolen from iCloud accounts and posted on the web, Apple insisted that it wasn’t their fault, no one hacked their system, the celebs were careless about their passwords, the hackers didn’t take advantage of ‘find my iPhone’ and besides they fixed a gigantic security flaw within days of finding out about it…well, maybe a month or two after finding out about it…well, at least after somebody took advantage of the flaw anyway. So obviously it wasn’t Apple’s fault.

That’s a bit like saying ‘I categorically deny having anything to do with this and I promise never to do it again.’

The security issue that wasn’t Apple’s fault that they finally fixed after this whole mess hit the press was shockingly stupid and bordered on negligent. On most systems – at least those built by people who know even the most basic things about security – they only let you try to log in two or three times in a single login attempt. If you don’t enter the correct password or user name in those three attempts they system blocks you from trying again and usually prompts you to either answer additional security questions or offers to email your forgotten password to your email account.

This prevents a hacker from sitting at a keyboard all night trying hundreds of different passwords until they get lucky or more likely run an automated password guessing program that can cycle through thousands of different combinations of letters and numbers until it guesses the right one. These are knows as brute force attacks. No subtlety at all – just keep guessing until you find a password that works. In fact a hacker group pointed this out last May and suggested using brute force attacks to hack iPhone and iCloud accounts. But Apple didn’t do anything about it until after someone exploited the flaw.

Apple didn’t have this simple blocking procedure in place when the celeb’s pictures were stolen so hackers could simply run a password guessing program over and over again until it found the celebrity’s iPhone passwords. And since the iPhone password is usually the same password used to access iCloud accounts (Apple support actually recommends you use the same Apple ID for both) …well, it’s pretty easy to put two and two together here.

Apple does allow users to set up a more secure process they call two-step verification (sometimes known as two-stage authentication) where it sends a text message to your iPhone when you try to log into your account and you have to enter that code number as well as your password. This helps mitigate hacking attempts since a hacker would need to have both your password and your iPhone. But this security feature is not implemented by default and according to some reports it actually takes days to activate.

In fact there all sorts of security things in the world of Apple that aren’t activated unless the user goes out of their way to set them up and there are other things that could be risky that are activated by default and also require user intervention to turn them off.

Now if all those silly celebs had used better passwords and gone through all the steps necessary to activate two-step verification then perhaps none of this would have happened. Maybe they didn’t read the manual carefully enough…oh wait, the iPhone user guide doesn’t actually mention two-step verification anywhere. Well that’s not Apple’s fault is it?



Guy Wright

Guy Wright has been covering the technology space since the days when computers had cranks and networks were steam powered. He has been a writer and editor for more years then he cares to admit.


More

The top antivirus programs for your iPhone

With the launch of new age smartphones, security risks have literally increased tenfold. Hackers and malware developers are doing their best to crack into your phone and mess it up or steal all the data. And with the new technologies being used in modern smartphones, this has become extremely easy. So today we will take a look at some of the top antivirus software you can use on your iPhone for better security. Read on to find out more. McAfee Mobile Security McAfee is considered as the perfect security tool for your iPhone if you want to keep nosy family members and friends away from the...

IoT, its future and its impact on our lives

A radical change in our lives brought about by the Internet of Things – An overview

How to get your business through stormy weather

Having your own business is very rewarding in many ways, but it comes with a price. When you run your own business, no matter how big or small, you are responsible for yourself and the people that you employ, there is no monthly paycheck unless you provide for it. That is why having a solid financial base is crucial to keep your business alive if or when the going gets rough. There are lots of reasons your income or turnover could slack, not the right season, the economy is slow, there is a new and better product on the market or even new competition. In most cases, if you play your cards...