


New feature makes it harder to gain unauthorized access and offers warnings in the case of a potential breach

The recent hack of celebrities' iCloud accounts was all too familiar to Gizmodo blogger Matt Honan.  He fell victim to hacker trolling in mid-2012, with his attackers exploiting password recovery options for Apple, Inc.'s (AAPL) recently launched iCloud.
 
At the time, users could recover their iCloud password by inputting the last four digits of their credit card on file.  After the Honan incident, Apple promised to beef up security.  In March 2013 it updated the iCloud to support two-factor authentication -- the first factor being your Apple ID account password and the second factor being a four-digit passcode sent to a trusted mobile device.
 
The approach was promising but few users embraced it.
Apple's 2-step ID verification.

In an interview with The Wall Street Journal, Apple CEO Timothy Cook defended his company's security record, while offering up a mea culpa of sorts, saying that it perhaps could do more to prevent intrusions like the celebrity photo leak.  In the interview, Mr. Cook mentioned some upcoming security changes to the iCloud.  Now, true to his word, those changes have been officially unveiled.
 
The first (and smallest) change will be new notifications.  Apple is now posting reminders to users on iCloud, encouraging them to use two-factor authentication.  The devicemaker has also activated new warning emails, which are sent to the user's email account whenever a browser iCloud login is detected from an unfamiliar location.  The alert works without any special user settings and works even if the user hasn't activated two-factor authentication.
 
For some users the warning might be a dead giveaway of malicious activity, as many users only interact with the iCloud on a daily basis using their mobile devices.  Depending on how fast the email alert is received, users might have time to lock their account before the intruder is able to obtain many files.
 
Apple also just posted details on a new feature to add further security -- app-specific passwords.


While it's still unclear how exactly hackers obtained access to celebrity accounts in the most recent hack, one potential weakness was the iCloud's link to third party applications.  Since the launch of the iCloud in Oct. 2011 Apple has allowed users to give permissions to third party apps.  Users, for example, could use the Facebook.com, Inc. (FB) iCloud app to back up their iCloud images.
 
The downside was that hackers didn't necessarily even need to get access to your Apple ID or password for your Apple account in order to snatch your photos.  In many cases it would be enough simply to gain a password to a trusted third party app or platform (e.g. Facebook) via phishing, then request a photo backup.  Given how easy it is to set up a page that looks like Facebook's login page, that's a dangerous possibility.
 
Now it will be much harder to exploit third party apps for access, as users can set a password that they will be prompted for every time they log in to a third party app.  While it's easy enough to set up a fake Facebook page, it would require much more impressive skills to code up a fake Facebook page that also contained a fake iCloud app interface and login prompt which was convincing enough to make a user believe it was real.


The app password feature will be activated on Oct. 1.  Users will be able to store up to 25 unique app passwords.

Finally, Apple also expanded support for two-factor authentication to additional regions. Initially the technology was only supported in five countries; now it is supported in 59 nations.

Sources: Apple, via BGR




