14 DAY TRIAL // Apple has confirmed that the nude pictures of celebrities leaked 6 days ago were taken from their iCloud accounts. Admitting the failure, Apple also said that iCloud was not breached, but rather the hackers got access to individual accounts using social engineering methods and targeted phishing attacks.
In his first interview after the so-called Celebgate, Apple's CEO Tim Cook explains the steps the tech giant is going to take in order to prevent this kind of issues in the future. According to the Wall Street Journal, Apple plans additional steps to keep user accounts out of hackers' reach.
At the same time, the company says it has no apparent fault in the iCloud fiasco because the bad guys targeted specific accounts, not the system itself.
The Wall Street Journal reveals Tim Cook's theory on Celebgate. According to the big head of Apple, hackers correctly answered security questions to obtain their passwords. They also sent phishing emails to their victims to get their user IDs and passwords. None of the leaked passwords were coming from Apple's servers, he added.
Apple's strategy to prevent such issues is to implement more notifications to the users of iCloud. For example, when someone tries to change an account password, the user will get push notifications on their mobile phones and an email alerting about that. The same will happen when someone tries to restore iCloud data to a new device or when such a device logs into an account for the first time.
Currently, the iCloud users only get one email if someone tries to change the password or a new device is registered. No push notifications are in place for all of the above. Apple will start using this system sometime in the next two weeks.
Users will have the option of acting immediately if they suspect someone else has broken into their account. They can change the password immediately to prevent the account from being taken over and they can also alert Apple's security team.
On the other hand, Tim Cook believes that the future security measures depend on the users themselves. "When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," Tim Cook said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
Apple's CEO also pointed to the Touch ID security features that, if used properly, would protect any user from intruders. The Cupertino, California-based tech giant will work to extent the cover of their two-step authentication system. Currently, that protection does not cover the iCloud backups and Photo Streams.