Apple pushes security and privacy credentials after iCloud hack

Apple assures users it takes privacy seriously, expanding two-factor authentication for its iCloud backup after celebrity photos were leaked online

Apple has expanded its use of two-factor authentication to its iCloud backup service two weeks after celebrity iCloud accounts were compromised and private photos leaked online.

Although the company said iCloud security was not breached, within days of the leaks Apple announced it would take additional steps to keep hackers out of users' accounts.

Private photographs of celebrities such as Jennifer Lawrence (pictured) were obtained in a “carefully targeted attack on user names, passwords and security questions”, Apple said in a statement.

Security commentators called for Apple to expand its two-factor authentication facility to cover all services, to prevent hackers from using stolen credentials or automated tools to access accounts.

Apple’s two-factor authentication system requires a one-time passcode or long access key, in addition to username and password to access an account.

The system will protect users against attacks using automated tools. One such – Elcomsoft’s Phone Password Breaker – has been named as the likely method used to leak the celebrity photos, reported the BBC.

Despite calls for Apple to make two-factor authentication mandatory or at least enable it as the default, the extra security facility remains optional, requiring users to turn it on.

Read more about cloud security

However, Apple has also introduced alerts that are sent to users as soon as an iCloud back-up starts downloading, even if two-factor authentication is not turned on.

After the photo leaks, Apple chief executive Tim Cook told the Wall Street Journal the company planned to “aggressively encourage” people to use two-factor authentication and stronger passwords.

In an interview with the paper, Cook acknowledged that Apple could have done more to prevent the attack on female celebrities' accounts.

"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he told the publication. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."

NSA spying scandal

At the same time as introducing extra technical security measures, Apple has published a 43-page white paper and added a section to its website explaining how the company approaches security and privacy.

The move appears to form part of Apple’s efforts to distance itself from the NSA spying scandals, revealed by whistleblower Edward Snowden, which have been linked to several top US technology firms.

Reports based on documents leaked by Snowden allege that NSA had "backdoor" access to the servers of nine major technology companies.

Market commentators believe the move is calculated to assure users as Apple launches its payment business and iOS8 operating system, which allows users to store data about their health.

Apple users' data

The white paper emphasises that Apple’s business model is based on selling products to users, rather than building up a detailed picture of their preferences to sell to advertisers, reports The Telegraph.

According to an open letter by Tim Cook, Apple protects users’ privacy with strong encryption, plus strict policies that govern how all data is handled.

“Security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud and new services like Apple Pay,” Cook wrote.

According to Cook, Apple believes in telling users exactly what is going to happen to personal information, asking for users’ permission and allowing users to change their minds.

“Every Apple product is designed around those principles. When we do ask to use your data, it’s to provide you with a better user experience,” he said.

Cook concludes by re-iterating that Apple has never allowed government agencies routine access to its servers via a back door, and “never will”.

Read more on Privacy and data protection