Old Sep 4, 2014, 09:19 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Tim Cook: Apple to Add Security Alerts for iCloud Users, Broaden Two-Factor Authentication




Apple will add security alerts for iCloud users, broaden two-factor authentication and make a more aggressive effort to alert users about protecting their accounts, Apple CEO Tim Cook told the Wall Street Journal in his first interview since the recent hacking incident involving celebrities' iCloud accounts.
Quote:
To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for or restoring iCloud data.
Cook said the new notifications will begin in two weeks and will allow users to take action on potential hacking immediately, allowing them to either change the password to retake the account or alert Apple's security team. Cook echoed Apple's previous press release on the hackings, stressing that the best prevention for future incidents is more human than technological.
Quote:
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
Apple will also broaden use of its two-factor authentication system, allowing it to also cover access to iCloud accounts from mobile devices like iPad and iPhone. Cook said the majority of Apple's users don't use two-factor authentication, so the company is planning on aggressively getting its users to turn on the feature. Cook also mentioned that had the celebrities been using two-factor verification, the hackers would not have been able to guess their security questions.

Apple has previously explored expanding two-factor authentication to some iCloud services, but an official expansion of the feature had not yet been introduced.

Article Link: Tim Cook: Apple to Add Security Alerts for iCloud Users, Broaden Two-Factor Authentication
MacRumors is offline   2 Reply With Quote
Old Sep 4, 2014, 09:22 PM   #2
0xyMoron
macrumors 6502
 
Join Date: Oct 2012
Location: California
They should have thought this ahead before the damage is already done.
This type of poor management of sensitive data reminds me of Microsoft, ie; Damage control policy, let the bad things happen then look for ways to prevent them from happening again.
__________________
Twitter
0xyMoron is offline   17 Reply With Quote
Old Sep 4, 2014, 09:25 PM   #3
haruhiko
macrumors 68030
 
haruhiko's Avatar
 
Join Date: Sep 2009
So when the so called hacker is already restoring all the data to a phone or a forensic program all we get is an e-mail telling us "hey all your dumb selfies are being downloaded by an unknown person"?
__________________
rMBP'12, iMac'08/24", Mini'09, MBP'10/15", MBA'11/13". iPhone: 6+/128/sg, 5s/64S 5/64B, 4S/64W, 4/32B, 3GS/16. iPT: 3G,1G. iPad: Air,Mini2,4,3/LTE/64 2/3G/32, 1/WiFi/16. ATV'12,'11, AEBS'09, TC'13/2TB
haruhiko is offline   14 Reply With Quote
Old Sep 4, 2014, 09:26 PM   #4
gotluck
macrumors 68040
 
gotluck's Avatar
 
Join Date: Dec 2011
Location: East Central Florida
Sounds good
__________________
iPad Air LTE 7.1.2 JB (T-Mobile) - GS 4 Google Edition 4.4.4 ART (AT&T) - Windows 7 PC's - PS4
gotluck is offline   6 Reply With Quote
Old Sep 4, 2014, 09:27 PM   #5
Solver
macrumors 6502
 
Join Date: Jan 2004
Location: San Jose
On most internet security systems, if someone knows your account name and the correct answers to three security questions plus the birth date you set, they can change your password and access your account. That is unless you enable extra security like 2-step verification.

Sending a warning message for any device restore is a good step. However, it would have only warned about the restore "hack" but not stopped it. 2-step verification does.
Solver is offline   7 Reply With Quote
Old Sep 4, 2014, 09:28 PM   #6
CEmajr
macrumors 68030
 
Join Date: Dec 2012
Location: Charlotte, NC
Sounds like a typical case of users using weak passwords (which most users tend to do) and hackers using common words to guess them. Amazing that with all the attempted hacking and identity theft and such going around that people still refuse to use complex passwords and security features. Especially celebrities.
CEmajr is offline   29 Reply With Quote
Old Sep 4, 2014, 09:29 PM   #7
BasicGreatGuy
macrumors 68000
 
BasicGreatGuy's Avatar
 
Join Date: Sep 2012
Location: Atlanta, Ga.
Glad to see Apple stepping up.
__________________
The Bill of Rights is not a Bill of Loopholes.
BasicGreatGuy is offline   5 Reply With Quote
Old Sep 4, 2014, 09:29 PM   #8
wlossw
macrumors 6502
 
Join Date: May 2012
Location: Montreal, Quebec, Canada
They need to halt the restore until you authorize the action either with trusted device or secure backup key... Notification after the fact, is of questionable value...
__________________
rMBP Mid-2012 2.7/16/512, Thunderbolt Display, Iphone 6 128GB, IPAD 4th gen 64GB WiFi, IPAD mini Retina 128GB LTE 6x Apple-Tv 3rd Gen
wlossw is offline   14 Reply With Quote
Old Sep 4, 2014, 09:30 PM   #9
Swazaloo
macrumors newbie
 
Join Date: Jan 2014
Quote:
Originally Posted by 0xyMoron View Post
They should have thought this ahead before the damage is already done.
This type of poor management of sensitive data reminds me of Microsoft, ie; Damage control policy, let the bad things happen then look for ways to prevent them from happening again.
Yea and they should have thought about smoking being bad before millions of people died from it. What more do you want? They already have 2-step verification. The more alerts the better.
Swazaloo is offline   36 Reply With Quote
Old Sep 4, 2014, 09:31 PM   #10
nagromme
macrumors G5
 
nagromme's Avatar
 
Join Date: May 2002
What about the people whose photos were stolen from non-Apple devices? After all, this recent leak is not an Apple story at all, it's a broad Internet and cloud story.

Tim should speak on this, and Apple should improve. The rest of the industry should too.
nagromme is offline   11 Reply With Quote
Old Sep 4, 2014, 09:32 PM   #11
trevorbsmith
macrumors member
 
Join Date: Dec 2007
Quote:
Originally Posted by haruhiko View Post
So when the so called hacker is already restoring all the data to a phone or a forensic program all we get is an e-mail telling us "hey all your dumb selfies are being downloaded by an unknown person"?
Not if you enable 2-factor authentication. Then they will not be able to change your password, so they won't be able to get at your iCloud data.

Also, as the article said, Apple is also going to expand 2-factor authentication so, presumably, even if you know someone's password, you STILL won't be able to restore/slurp their iCloud backups without also having access to one of their trusted devices.

Most importantly, he points out that most of their customers CHOOSE not to use 2-factor authentication. (Which is THE CUSTOMER'S FAULT, not Apple's.) And they are going to start harassing customers to smarten up and use it.

There is nothing more Apple can do than that.
trevorbsmith is offline   16 Reply With Quote
Old Sep 4, 2014, 09:32 PM   #12
bsforever
macrumors member
 
Join Date: Dec 2008
Glad that Tim Cook himself is speaking up and Apple is actually showing responsibility by making changes to security. Old Apple under Steve Jobs would stonewall for as long as possible, hoping that the story would go away.
bsforever is offline   11 Reply With Quote
Old Sep 4, 2014, 09:34 PM   #13
trevorbsmith
macrumors member
 
Join Date: Dec 2007
Quote:
Originally Posted by CEmajr View Post
Sounds like a typical case of users using weak passwords (which most users tend to do) and hackers using common words to guess them. Amazing that with all the attempted hacking and identity theft and such going around that people still refuse to use complex passwords and security features. Especially celebrities.
That is not what happens generally.

Read the forums at AnonIB, where these "hacks" are frequent. They are just using public info to answer security questions to reset passwords so they can get access. They do not guess passwords.

Solution: enable 2-factor authentication.

----------

Quote:
Originally Posted by wlossw View Post
They need to halt the restore until you authorize the action either with trusted device or secure backup key... Notification after the fact, is of questionable value...
The article says they are expanding 2-factor auth. Presumably that means they are expanding it to prevent restores / slurping of data unless you have the password AND a trusted device.
trevorbsmith is offline   4 Reply With Quote
Old Sep 4, 2014, 09:34 PM   #14
jlake02
macrumors 68020
 
jlake02's Avatar
 
Join Date: Nov 2008
Location: L.A.
I want to set up 2 step authorization but can't remember my security question answers. (Well, I think I remember but it's not accepting them.) Apparently I don't have an emergency email with Apple so I have to call support. Thus, I keep putting it off.
__________________
iPhone 6 Plus; iPhone 6; iPhone 4S; iPad 2,3,Air, Air 2; iPod Touch 4 x2, AppleTV x2
GETSOME 1000 GETSOME Xtreme BatteryAde
jlake02 is offline   2 Reply With Quote
Old Sep 4, 2014, 09:34 PM   #15
haruhiko
macrumors 68030
 
haruhiko's Avatar
 
Join Date: Sep 2009
Quote:
Originally Posted by bsforever View Post
Glad that Tim Cook himself is speaking up and Apple is actually showing responsibility by making changes to security. Old Apple under Steve Jobs would stonewall for as long as possible, hoping that the story would go away.
"You're using it wrong. We already have 2-step verification."
__________________
rMBP'12, iMac'08/24", Mini'09, MBP'10/15", MBA'11/13". iPhone: 6+/128/sg, 5s/64S 5/64B, 4S/64W, 4/32B, 3GS/16. iPT: 3G,1G. iPad: Air,Mini2,4,3/LTE/64 2/3G/32, 1/WiFi/16. ATV'12,'11, AEBS'09, TC'13/2TB
haruhiko is offline   4 Reply With Quote
Old Sep 4, 2014, 09:36 PM   #16
trevorbsmith
macrumors member
 
Join Date: Dec 2007
Quote:
Originally Posted by bsforever View Post
Glad that Tim Cook himself is speaking up and Apple is actually showing responsibility by making changes to security. Old Apple under Steve Jobs would stonewall for as long as possible, hoping that the story would go away.
Tim Cook is a fantastic CEO this way. He has done a great job at saying "hey, we screwed up" when they have (and even if they haven't), and saying "hey, we agree, things could be better and we're going to make sure they are."
trevorbsmith is offline   21 Reply With Quote
Old Sep 4, 2014, 09:36 PM   #17
bsforever
macrumors member
 
Join Date: Dec 2008
Quote:
Originally Posted by haruhiko View Post
"You're using it wrong. We already have 2-step verification."
😂 good one sir.
bsforever is offline   0 Reply With Quote
Old Sep 4, 2014, 09:39 PM   #18
AngerDanger
macrumors 65816
 
AngerDanger's Avatar
 
Join Date: Dec 2008
Location: doing the Dada Polka
Broaden two-factor authentication? Could this perhaps mean THREE-factor authentication?! That's 1.5x as many authentication factors!
AngerDanger is offline   4 Reply With Quote
Old Sep 4, 2014, 09:39 PM   #19
PocketSand11
macrumors 6502a
 
PocketSand11's Avatar
 
Join Date: Jun 2014
Location: ~/
2-step authentication? Just use a private key (a.k.a. password) that's strong. It's mathematically proven. Your own stupid fault if you make your password weak. Edit: And you shouldn't be able to reset it, at least not merely by answering a few security questions. Someone pointed this out to me, and it's a really big flaw.
__________________
'08 MP, '09 MBP, JB iPhone 5
Fun fact: iPhone 5 aspect ratio = 640/1136 ≈ .5634. 9/16 = .5625. 639/1136 = .5625. Its screen is exactly one pixel too wide to be 9:16.

Last edited by PocketSand11; Sep 4, 2014 at 10:04 PM.
PocketSand11 is offline   1 Reply With Quote
Old Sep 4, 2014, 09:42 PM   #20
petsounds
macrumors 65816
 
Join Date: Jun 2007
Quote:
Originally Posted by wlossw View Post
They need to halt the restore until you authorize the action either with trusted device or secure backup key... Notification after the fact, is of questionable value...
I believe that's exactly what will happen if you have 2-factor auth turned on for your account and running iOS 8. 2fa will apply to iCloud backups in iOS 8.
petsounds is offline   0 Reply With Quote
Old Sep 4, 2014, 09:42 PM   #21
bsforever
macrumors member
 
Join Date: Dec 2008
Quote:
Originally Posted by wlossw View Post
They need to halt the restore until you authorize the action either with trusted device or secure backup key... Notification after the fact, is of questionable value...
good idea. a restore needs more than just a password, maybe add the one time 4-digit code on another device or the recovery key
bsforever is offline   1 Reply With Quote
Old Sep 4, 2014, 09:45 PM   #22
Sonmi451
macrumors 6502
 
Join Date: Aug 2014
Location: in my Tesla Model S
Good to see Apple implementing tighter security and notifications for failed attempts. That should at least help out a little.
Sonmi451 is offline   1 Reply With Quote
Old Sep 4, 2014, 09:47 PM   #23
christarp
macrumors regular
 
Join Date: Oct 2013
Quote:
Originally Posted by haruhiko View Post
So when the so called hacker is already restoring all the data to a phone or a forensic program all we get is an e-mail telling us "hey all your dumb selfies are being downloaded by an unknown person"?
What else can they do? Not have backups?
christarp is offline   2 Reply With Quote
Old Sep 4, 2014, 09:48 PM   #24
Vanilla Face
macrumors regular
 
Join Date: Aug 2013
Quote:
Originally Posted by 0xyMoron View Post
They should have thought this ahead before the damage is already done.
This type of poor management of sensitive data reminds me of Microsoft, ie; Damage control policy, let the bad things happen then look for ways to prevent them from happening again.
They did think of this before the damage was done. A year and a half ago Apple released 2-step verification. Had those celebrities enabled 2-step verification, this wouldn't be an issue.

Everyone should have 2-step verification enabled, but especially people who are in the public's eye. Those people should be very security conscious. In addition, their PR reps and agents should have ensured security steps were taken. The blame is almost entirely on the celebrities, Apple offered them the tools necessary to protect their data.
Vanilla Face is offline   7 Reply With Quote
Old Sep 4, 2014, 09:48 PM   #25
haruhiko
macrumors 68030
 
haruhiko's Avatar
 
Join Date: Sep 2009
Quote:
Originally Posted by trevorbsmith View Post
Tim Cook is a fantastic CEO this way. He has done a great job at saying "hey, we screwed up" when they have (and even if they haven't), and saying "hey, we agree, things could be better and we're going to make sure they are."
Apple is in really good shape now and we can gradually see Tim Cook steer the giant ship Apple towards better directions, waking up from the chaos (if we could call that) in 2011-2012 after Steve Jobs's death.
__________________
rMBP'12, iMac'08/24", Mini'09, MBP'10/15", MBA'11/13". iPhone: 6+/128/sg, 5s/64S 5/64B, 4S/64W, 4/32B, 3GS/16. iPT: 3G,1G. iPad: Air,Mini2,4,3/LTE/64 2/3G/32, 1/WiFi/16. ATV'12,'11, AEBS'09, TC'13/2TB
haruhiko is offline   3 Reply With Quote

All times are GMT -5. The time now is 07:33 AM.
