Apple introduces two factor security to the iCloud after celebrity hacks
In response to the celebrity iCloud hacks, in which private photos of celebrities were dispersed on the internet, Apple has responded by adding two factor password security to their online backup system. This move is a needed step in the right direction as people are increasingly uploading their personal files online and are requiring that those items be secure and protected from malicious intent. Tim Cook, CEO of Apple, commented that while unfortunate, the celebrity iCloud hacks have influenced the company to make improvements.
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," said Cook, reported the BBC.
Two factor security requires that users first enter their standard password into the system. If the first password is correct, a four digit security code is sent to one of the user's devices. The user then enters that code to gain access to iCloud. Another new feature that Apple introduced recently is user's receiving an email whenever copies of back-up data start downloading. In the event that the four digit code is not entered, the user does not gain access to the back-up data. Alan Woodward, professor from the University of Surrey, believes that two factor security must become the new standard.
"We've seen so much in recent times that single-step verification – i.e. passwords – is vulnerable, we're at the stage that two-factor authentication should be the default," said Woodward.
If for some reason the user is unable to enter the four digit code, there is an additional 14 digit access key that is generated by Apple which user's should have stored somewhere safely. A key concern that has been brought up however, is that if a user loses their device and the 14 digit key as well, there will be virtually no way to gain access to their files.
Apple previously employed two factor security, but not with regards to the iCloud. That means that even if celebrities had set up two factor security, their personal files may still have been accessed by hackers. With the new changes, the only feature accessible on iCloud will be the Find My iPhone application, allowing users to deactivate or delete information on their personal devices remotely, in the case of theft or misplacement. As explained in Appleinsider, all other features, besides Find My iPhone, will be disabled without the second authentication.
Apple is certainly an innovator in the technology field and these added security measures might translate into more companies and service providers upgrading their security to two factor authentication.
Hacker software made obsolete
One immediate benefit, now evident, is that the software Phone Password Breaker by Elcomsoft has become essentially useless. Pirated copies of Phone Password Breaker were used by nefarious hackers to orchestrate a brute force hack on Apple accounts, essentially bombarding iCloud with countless username and password combinations in order to find the right authentication credentials. Owner of Elcomsoft, Vladimir Katalov, told the BBC in early September that his software was probably the one used in the celebrity iCloud hacks. He added that his software was now unable to even locate a list of devices and back-ups linked to a user's account and believes there is no way around the added security.
"The other security improvement, which I like, is that now the owner of the Apple account gets a notification by email immediately when a back-up starts downloading – whether or not two-factor authentication is enabled," added Katalov.