Apple CEO Tim Cook Promises Major iCloud Security Improvements

Illustration for article titled Apple CEO Tim Cook Promises Major iCloud Security Improvements

Apple CEO Tim Cook has spoken out for the first time since hackers leaked hundreds of nude celebrity photos off iCloud last week. The good news: there are very real security improvements coming to iCloud in as little as two weeks.


In an interview with The Wall Street Journal, Cook acknowledges that the iCloud accounts of targeted celebrities were compromised when hackers correctly guessed the answers to their security questions to obtain their passwords, or when they were victimized by a phishing scam. Reiterating a statement that Apple put out earlier this week, Cook emphasized that none of the Apple IDs and password leaked from the company's servers.

"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."

Here is what Apple is going to do to protect your data, says Cook:

  • Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for restoring iCloud data.

This, as we pointed out, has long been a glaring hole in iCloud's security. Mashable's Christina Warren was able to exploit the same flaw to hack her own iCloud account.

  • As part of iOS 8, the next version of its mobile operating system due out later this month, two-factor authentication will also cover access to iCloud accounts from a mobile device. Apple said a majority of users don't use two-factor authentication, so it plans to more aggressively encourage people to turn it on in the new version of iOS.
  • Apple will sending these notifications in two weeks. The new system will allow users to take action immediately, including changing the password to retake control of the account, or alerting Apple's security team. [The Wall Street Journal via 9to5 Mac]



I understand the need for ever-increasing security, but a lot of this comes down to making it a company's responsibility to babysit us security-wise? If all this is to avoid a "hacker" guessing your password, people have simply been ignoring password advice literally decades old. If "JLaw" took pics of her tits and protected it with the name of her last movie half-spelled with numbers (it had to be something simple, right?) she's both too stupid to own the technology and deserved what happened.