In the wake of a high-profile leak of suggestive celebrity photos from Apple’s iCloud mobile backup servers, Apple now says it will take concrete steps to tighten security.
After saying earlier this week, in effect, that the leaks were the result of normal, everyday web mischief and not necessarily security vulnerabilities in iCloud, Apple CEO Tim Cook told the Wall Street Journal Thursday that his company indeed could have done some things differently to prevent the leaks.
Apple has a major announcement coming next Tuesday, so the company is under pressure to shut down the celeb photo controversy in a hurry.
And Cook’s comments today may do the job. “We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are,” he told the Journal.
Most importantly, Cook laid out some specific security changes to Apple products that will begin rolling out in as little as two weeks.
He explained that hackers were able to access the iCloud accounts of certain celebrities by answering security questions to obtain user names and passwords. In other cases, Cook says, accounts were compromised when users divulged user names and passwords to hackers as a result of phishing schemes.
So Apple will soon begin sending push notifications to iCloud account holders if somebody is attempting to change account credentials, put iCloud data on a new device, or log into the account for the first time.
Right now Apple alerts iCloud users of these security events, but usually through email, not push notifications, the WSJ report says.
The new notification system will allow a user to immediately change her password or contact Apple’s security team if someone is trying to break into the account.
Cook said his company could have been more proactive in educating users about the dangers of hackers and about the importance of strong account credentials.
“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook told the Journal. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”
Cook said Apple would begin using two-factor authentication in its products. Users, he said, will have the option to turn on the feature in the new iOS 8 operating system, which would require them to use a username/password plus one other security code to log into iTunes with a new device.
Cook said the two-factor security feature will also be available for iCloud mobile backup accounts.
He believes two-factor authentication would have prevented the hackers from stealing the celebrity photographs.
Nude pictures of actress Jennifer Lawrence and other iPhone using celebrities began showing up on the web last week. Pressure on Apple has grown steadily this week as media and privacy advocates have pointed toward iCloud security as the reason for the leaks.