This week’s news about celebrities’ personal photos being stolen from their iCloud accounts would be irritating Apple ahead of their September 9 media event.
Unfortunately for Apple they seemed to have walked into this by making things convenient for users rather than enforcing strong security measures.
As Arik Hesseldahl in Re/Code describes, this breach was probably due to Apple not encouraging two factor authentication and not limiting the number of password guesses.
The latter is particularly irritating as it shouldn’t be hard for a system to pick when a brute force attack — a computer guessing a password millions of times a second — is being staged against a user.
It’s also trivial to limit the number of guesses as most other services do.
For users, the best protection is to have complex passwords which reduces the effectiveness of brute force attacks. It’s also worthwhile being careful with your personal nudie photos.
The consequences of having your iCloud account compromised are more than just losing your embarrassing photos, Wired’s Mat Honan had his entire digital life hijacked through this method two years ago.
With Apple aspiring to control the smarthome and smartcar markets, the consequences of accounts being breached becomes exponentially greater. These are issues Apple and the rest of the internet of things industry need to take seriously.
Hopefully at Apple’s big media event next week, some brave journalist will stand out of the assembled masses of sycophant hacks and ask CEO Tim Cook some hard questions about security on the shiny new iDevices.
Yes, but why only for IoT, and not for your ( nude or not nude) photos and other private or company private stuff
Cees Lanting
Crikey Cees, I’m not saying any security is trivial. Your points are totally correct.
My point is that if Apple are going to play a big role in the consumer IoT space, the consequences of security breaches becomes even greater. Personally I think Apple should have had these relatively straightforward measures bolted down years ago.