iCloud hacking alerts “coming soon”
Apple will warn users via push notifications when someone tries to add a new device to their account, restore data, or change a password.
Apple CEO Tim Cook told The Wall Street Journal that the changes will be coming in two weeks’ time, and users will be able to respond by changing their password or alerting Apple to a possible breach.
The move comes following several high-profile cases of celebrities having their iCloud accounts compromised and intimate photos leaked online. Despite claims the cloud-storage service had been compromised via brute-force hacking, Cook confirmed the two alternative theories put forward by security researchers: that at least some victims fell for phishing scams, leading them to hand over their username and password unwittingly, or their passwords had been reset by answering security questions.
In addition to push notifications to the user’s iPhone or iPad, Apple will also be putting greater emphasis on two-factor authentication, which the majority of users don’t use.
Cook said it will be more aggressively turned on in iOS 8, which is expected to launch in the coming weeks, and it will be incorporated into services where it is currently absent.
“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook told The WSJ.
“I think we have a responsibility to ratchet that up. That’s not really an engineering thing,” he added.
4chan cracks down on illegal media
4chan, the anarchic message board where many of the photos first publicly appeared, has announced it will start complying with the US Digital Millennium Copyright Act following the incident.
The service had previously circumvented the legislation, because content often “expires” within a couple of hours and becomes unavailable. However, it has always acted to remove images of child abuse.
In an announcement posted on the website, the administrators said 4chan would now act in accordance with DMCA procedure.
If someone believes “content residing on or accessible through [the] company’s websites or services infringes a copyright”, they must send 4chan a notice of copyright infringement.
Once such a notice has been received, the site’s new policy is to remove or disable the content in question and notify the person who posted it that it’s been removed. Repeat offenders will be barred from the site.
However, the poster will have the opportunity to respond if they believe they’re the original owners of the content, or if they think they have been given permission by the rights-holder to reproduce it.
Whether or not this policy would have helped the most recent victims, however, is debatable. It appears most of the celebrities and their agents only became aware of the breach once their photos had spread beyond the platform. Additionally, the images were allegedly being privately traded for some time before they were posted on 4chan.