SecurityWeek

Apple Ramps Up iCloud Defense Against Hackers: Report

SAN FRANCISCO – Apple is ramping up iCloud defenses in the aftermath of hackers swiping nude photos of celebrities from the online digital vault, the Wall Street Journal reported late Thursday.

The Journal quoted Apple chief executive Tim Cook as saying iCloud accounts of film stars including Jennifer Lawrence were looted by hackers who used tactics such as correctly answering security questions to obtain passwords, or tricking victims into revealing user IDs and passwords with ruses referred to as “phishing” scams.

In coming weeks, Apple will start sending people alerts when attempts are made to change passwords, restore iCloud data to new devices, or when someone logs in for the first time from a new Apple gadget, the Journal reported.

Tools will be in place for legitimate users of accounts to seize back control. Cook was quoted as saying that Apple also wants to make people more savvy when it comes to guarding against hackers with strong passwords and other techniques.

“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook was quoted as saying. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”

Apple will expand the use of “two-factor authentication,” which requires someone trying to access an account to augment a password with something else such as a temporary code sent by text message to the account holder’s mobile phone.

Apple said Tuesday a “targeted attack” led to the release of nude photos of celebrities including Oscar winner Lawrence but insisted there was no breach of its cloud storage system.

The admission came as experts and lawyers said the hack was a wake-up call about the dangers posed by technology to people’s privacy, whether they are stars or not.

“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” Apple said.

“None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

The Federal Bureau of Investigation confirmed it was investigating.

Written By

AFP 2023
