04 September 2014

iCloud nude leak is very much Apple’s fault: Opinion

Steve Jobs showing off iCloud back in 2011 when it was first announced. Security was said
 
Steve Jobs showing off iCloud back in 2011 when it was first announced. Security was said to be paramount. Source: AP
 
OPINION: Apple has released a statement suggesting all customer data on the iCloud storage system is safe and the recent attacks on celebrity phones were targeted. But I’m not convinced. 

In the statement, which lawyers would have combed through extensively, Apple said: “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the internet.

“None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

Targeted attacks? Sure, these attacks against high-profile celebrities were targeted, but there is a clear flaw that has been and will continue to be used against anyone’s iCloud accounts, not just the rich and famous.

Apple refuses to fix this flaw, continuing to use the same login steps that were compromised despite acknowledging that it is common practice.

It is so easy for anyone’s iCloud account to be hacked that I managed to find the answers to a friend’s account security questions within 30 minutes. From here, I could have easily accessed everything on his iCloud — which includes iMessages, contacts, images and videos.

No, I’m not a hacker. I got my mate’s permission to try to find the answers to his security questions.

The two simple questions I had to answer.
The two simple questions I had to answer. Source: NewsComAu
 
Since he is my friend, I already knew one of the answers, but I searched online for this information, and it was publicly available — so anybody could have accessed it. Answers to both security questions were found on social media. One, on his public Twitter profile, and the other on his private Facebook profile. All I needed to do was follow him, something that doesn’t require his permission. From there, I could see the answers needed in his pictures. Without his knowledge, his digital profile is vulnerable.

While they are fair conditions, the red graphic makes them seem more like warnings.
While they are fair conditions, the red graphic makes them seem more like warnings. Source: NewsComAu
One easy fix for all this should be two-step authentication. This is a process that involves verifying a login via a second method, usually a code in a text message.

Apple does have an option for this, but not only does it not encourage users to use it, it makes it stupidly difficult to activate. But two-step authentication isn’t even forced when logging into iCloud online. This renders it pointless for pretty much anything but purchases.

So as it stands, Apple holds your data in an unsecure way. And the tech giant doesn’t appear to be in a rush to fix this gaping security flaw to make us and our private information safer.

News.com.au has repeatedly approached Apple for a comment but is yet to receive a response.

news.com.au 4 Sep 2014

In light of this information people are still supporting this company?

The company should be taken to court and sued for millions per customer.

No comments: