Certain celebrity nudes were leaked this month from their iCloud accounts and the media caught up on the subject saying that the attacks were targeted, brute-force attacks that exploited Apple’s iCloud platform in order to log in to the affected accounts. Apple had released a statement that iCloud was not to be blamed for the leaked images, rather they said that two-step authentication and strong passwords should be used by iCloud clients.
Apple has been trying to stabilize all the rumors surrounding iCloud security and the overall security of Apple devices. With the launch of Apple Pay, security will become the main concern for users because storing your financial information on your device is a risky operation. Apple says that the NFC chips that are built into the Apple Watch, iPhone 6 and iPhone 6 Plus will be as secure as possible, permitting nobody, not even Apple, to access your information or purchase history, for that matter. The iCloud scandal has brought a lot of negative publicity for Apple and it seems like the company just shot itself in the foot with their statement about the iCloud platform being secure.
New reports say that the iCloud flaw hackers had exploited in order to get their hands on celebrity nude photos had been there for 6 months before the photos got leaked. Presumably, Apple had received various reports from users saying that the lock-out policy of their iCloud account was compromised and iCloud passwords could be easily obtained through brute force attacks. These attacks essentially mean that one tries thousands of passwords repeatedly, until they get the correct one and they can log in to iCloud.
After the celebrity nudes were leaked, Apple was quick to change the lock-out policy of iCloud accounts, and that’s why this new information took rather long to come to light. Nonetheless, it is said that even though Apple knew about the iCloud vulnerability, they didn’t act on it and implemented the new lock-out system far too late. We don’t know why the company would choose to ignore security warnings coming from users who had noticed that their accounts weren’t secure. If the company had listened to these reports, all the iCloud scandal might have been averted.
Seeing as Apple was late to act on security concerns about iCloud, the new information puts the company in a rather bad light. Independent security researchers have published conversations had with Apple and iCloud support, which prove that the company acknowledged the existence of a problem with iCloud, yet refused to remedy it. We are waiting on a response from Apple, but we suppose there’s not much the company can do at the moment to fix the black spot this revelation created on the iCloud reputation and company reputation as well.