Apple CEO Tim Cook has spoken with the WSJ to address concerns following this week's leak of nude celebrity photos that were stolen from their iCloud accounts.
The company previously reported that iCloud was not breached and the photos were accessed by hackers who correctly guessed the security questions set by the celebrities or used a phishing scam to obtain their account details. However, Cook said Apple would take more steps to notify users that such activity may be taking place.
To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for or restoring iCloud data.
Apple plans to start sending these notifications in two weeks. The new system will also allow users to take immediate action, including changing their password to regain control of their account or alerting Apple's security team.
Cook also plans to boost awareness. "When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
Apple also plans to encourage its users to implement two-factor authentication. That would require a hacker to have two of three things to gain control of an account: a password, a separate four-digit one-time code, or a long access key given to the user when they sign up. Notably, iOS 8 will be able secure iCloud accounts with two-factor authentication as well as iTunes accounts.
Cook also indicated that Apple is working with law enforcement to identify the hackers. "We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are," said Mr. Cook.
To learn more about two-factor authentication, click here.
Read More
The company previously reported that iCloud was not breached and the photos were accessed by hackers who correctly guessed the security questions set by the celebrities or used a phishing scam to obtain their account details. However, Cook said Apple would take more steps to notify users that such activity may be taking place.
To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for or restoring iCloud data.
Apple plans to start sending these notifications in two weeks. The new system will also allow users to take immediate action, including changing their password to regain control of their account or alerting Apple's security team.
Cook also plans to boost awareness. "When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
Apple also plans to encourage its users to implement two-factor authentication. That would require a hacker to have two of three things to gain control of an account: a password, a separate four-digit one-time code, or a long access key given to the user when they sign up. Notably, iOS 8 will be able secure iCloud accounts with two-factor authentication as well as iTunes accounts.
Cook also indicated that Apple is working with law enforcement to identify the hackers. "We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are," said Mr. Cook.
To learn more about two-factor authentication, click here.
Read More