Tim Cook, CEO of Apple, has addressed concerns about the alleged iCloud security flaws in an interview with The Wall Street Journal.
He discussed iCloud and the recent celebrity phone hacking scandal and said that it wasn’t directly down to security flaws in iCloud, but rather that passwords for the accounts were obtained through phishing scams or correctly guessing the answers to security questions – quite easy to do when celebrities talk about their lives in interviews. Cook believes that the security breaches were made through the human element of the system, rather than complex techniques.
However, it doesn’t mean Apple will be doing nothing. In future, Apple will notify the user when someone tries to log into their account from another, unrecognized device. The notification will come in the form of a push notification and email, and should be up and running within two weeks.
More will also be done to emphasize the use of and improve the reach of two-factor authentication (a security check in the form of a temporary 4-digit security code sent via SMS) to make sure that more of users’ data is protected. On the next version of iOS, two-factor authentication will extend to logging into iCloud from a mobile device.
Many users don’t use two-factor authentication, so Apple plans to more fervently encourage users to adopt the service, so that any potential hackers can’t even get to the stage where security question answers can be guessed.
Cook is right to talk about this himself, even if the issue wasn’t to do with software engineering. This close to the Apple Event, calming fears is exactly what Apple would desire for launching new products.
And if you haven’t already enabled two-factor authentication, maybe you should – just in case you get famous very quickly.