Apple CEO Tim Cook Promises Major iCloud Security Improvements

By Pranav Dixit on at

Apple CEO Time Cook has spoken out for the first time since hackers leaked hundreds of nude celebrity photos of iCloud last week. The good news: there are very real security improvements coming to iCloud in as little as two weeks.

In an interview with The Wall Street Journal, Cook acknowledges that the iCloud accounts of targeted celebrities were compromised when hackers correctly guessed the answers to their security questions to obtain their passwords, or when they were victimised by a phishing scam. Reiterating a statement that Apple put out earlier this week, Cook emphasised that none of the Apple IDs and password leaked from the company's servers.

"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing," he said.

Here is what Apple is going to do to protect your data, says Cook:

  • Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for or restoring iCloud data.

This, as we pointed out, has long been a glaring hole in iCloud's security. Mashable's Christina Warren was able to exploit the same flaw to hack her own iCloud account.

  • As part of the next version of its iOS mobile-operating system, due out later this month, [two-factor authentication] will also cover access to iCloud accounts from a mobile device. Apple said a majority of users don't use two-factor authentication, so it plans to more aggressively encourage people to turn it on in the new version of iOS.
  • Apple will sending these notifications in two weeks. The new system will allow users to take action immediately, including changing the password to retake control of the account, or alerting Apple's security team. [The Wall Street Journal]