Bad, bad timing for Apple.
The latest rumours swirling around about the personal photos allegedly stolen from iCloud come at the worst possible time for Apple, with the new iPhones being announced in a week or so and a new payments system likely to be introduced.
iCloud security really needs to be perceived as watertight.
Some thoughts on the latest debacle.
Personal photos are personal and the outcry about people not taking certain kinds of photos is misguided. People should be allowed to take whatever photos they want, but they do need to take responsibility for protecting them. Extra precautions are needed if the photos are of a highly personal nature, or could cause issues if they fell into the wrong hands.
It’s still not confirmed that the source of the stolen photos (stolen – not leaked or hacked) was in fact iCloud.
There have been reports that a brute-force vulnerability was exposed in Find My iPhone, but this has since been patched by Apple.
If this was the source of the theft, then Apple is partially to blame in that a brute-force vulnerability should not have been allowed to be present – brute-force attacks rely on repeatedly trying and re-trying to access an account using multiple passwords.
It looks like the stolen photos may have been obtained by a brute-force attack on accounts having weak passwords.
However, the owner of the account is also to blame for not securing their account with a strong password or, even better, a strong passphrase. In the case of iCloud, it’s also possible to further protect your account with two-factor authentication.
So this will reflect badly on Apple (if it is proven that iCloud was in fact compromised), but we all have a responsibility to look after our own stuff.
Do yourself a favour and get a copy of 1Password and, if you’re really concerned about security, switch on two-factor authentication on those primary services that support it.