In the wake of the stolen celebrity photos, many people were quick to point out the flaws in Apple’s confusing iCloud system. Although it’s unknown exactly how the photos were obtained, it’s widely assumed that the photos were lifted from the cloud, since at least one of the celebrity victims said that the photos had been deleted from her device years ago.
There were many theories about how this wide scale theft of digital property was accomplished. The Find My iPhone App previously allowed an infinite number of password entries for users without locking them out of their accounts. This was deemed the “iBrute” bug as there was a scripting method of exploiting this by obtaining “brute force” entry into accounts. (More on that at End Gadget) Apple seemed to tacitly acknowledge that this was an oversight as this bug was patched on Monday. Users of the Find My iPhone app are now allowed only five attempts to remember their password before the account is locked.
Now Apple has issued a statement regarding the hacking, and it’s disappointing. They seem to say there’s nothing they could have done and that this is in no way due to a bug or flaw in their system.
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
[via Business Insider]
I understand that Apple has legal reasons why they can’t admit responsibility in any way, and that they need to reassure their millions of users that our data is secure in the cloud and we have nothing to worry about. This statement is disappointing to me, as it seems to place the blame on the victims. It seems to suggest that it’s the celebrities’ fault for not using their double security system, instead of admitting that their system was at the least unclear to users. It really does sound like it’s something that could have been prevented on their end, given the fact that Find My iPhone was vulnerable to scripting programs. Of course the hackers are ultimately responsible and I hope they are prosecuted in a reasonable way that’s in no way a knee jerk response. (Yes this was a crime and a gross violation of privacy, but I’m conflicted because some hackers are prosecuted to an extent that in no way fits the crime.)
I would like to add a personal anecdote about how frustrating apple products can be. Earlier this year, I got an iPhone and quickly filled it up with photos and videos. Around that time I also made the switch to using a macbook as my primary computer. I used to work as a web designer, I’m very tech savvy and I know basic coding. The process of getting the photos and videos from my phone onto my computer is still unknown to me. I connected my phone, the photos went into a “library” on iPhoto, and then the library would no longer open. I downloaded another app to open the corrupted library, so now I can see the photos from that one app, but it’s unclear where the photos actually are or how to export them to another device. I have googled this several times and have given up for now. I have similar issues with iTunes. It’s hard to know what’s on my phone and what’s on my computer and where it’s stored.
Apple may be technically “easier” to use but it’s not transparent to users at all. I feel for these female celebrities who assumed their personal photos were deleted and/or secure. Apple gives the impression that their products are not as vulnerable to hackers or viruses as PCs. As we’ve learned, that’s not always the case.
photo credit: WENN.com and FameFlynet. I believe Kirsten Dunst is carrying a blackberry in this photo from 2011. Photo of Kate Upton, Leslie Mann and Cameron Diaz is from the set of The Other Woman.
Here is the original post:
Apple on the hack: ‘our systems weren’t breached, this was a targeted attack’