Over the past few weeks, more and more news has come out about Apple’s role in the iCloud celebrity photo leaks.
In spite of that fact, many people continue to blame Jennifer Lawrence, Kate Upton, and other celebrities for having the audacity to take pictures of themselves.
That’s wrong. There are only two parties to blame in this situation: the hackers for perpetrating the act and Apple for being complicit.
Here are 5 reasons why you should stop blaming JLaw and start blaming Apple for the celebrity photo leaks:
If you give a monkey a keyboard, a blank password entry field, and an unlimited number of attempts, he will eventually guess the correct password.
Unfortunately, Apple’s security “flaw” was so simple that a monkey could have broken into Apple’s servers. Apple did not restrict the number of incorrect login attempts on iCloud and Find My iPhone.
That means a monkey – or better yet, a hacker – could easily gain access to someone’s private documents and files simply by guessing the right password.
This flaw has existed for years and for some reason Apple continued to refuse to lock users out after multiple incorrect login attempts.
Most other online services – from Facebook to Dropbox to Twitter – lock users out after a number of incorrect login attempts. Apple, for whatever reason, chose to walk a different path.
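The control described as missing above, sketched as an added example (this is not Apple's code or any vendor's implementation): failed logins are counted per account in one place, so guesses spread across different login endpoints still hit the same limit. The endpoint names, thresholds and sample passwords are assumptions made up for the illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Failed-login limiter keyed by account and shared by every endpoint."""
    def __init__(self, max_failures=5, window=900, lockout=900, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock                   # injectable so the policy can be tested
        self._failures = defaultdict(deque)  # account -> recent failure timestamps
        self._locked_until = {}              # account -> time the lock expires
        self.audit = []                      # (endpoint, account) per failed attempt

    def is_locked(self, account):
        return self.clock() < self._locked_until.get(account, 0.0)

    def record_failure(self, endpoint, account):
        now, recent = self.clock(), self._failures[account]
        self.audit.append((endpoint, account))
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()

def attempt_login(throttle, check_password, endpoint, account, password):
    """One login on any endpoint; returns 'ok', 'denied' or 'locked'."""
    key = account.strip().lower()            # count per account, never per endpoint
    if throttle.is_locked(key):
        return "locked"                      # refuse before checking the password
    if check_password(key, password):
        throttle._failures.pop(key, None)    # a success resets the counter
        return "ok"
    throttle.record_failure(endpoint, key)
    return "denied"

def demo():
    # Constructed sample: four guesses alternating between two hypothetical endpoints.
    now = [0.0]
    throttle = LoginThrottle(max_failures=3, clock=lambda: now[0])
    check = lambda acct, pw: pw == "correct horse"  # stand-in for a real verifier
    results = []
    for i, pw in enumerate(["123456", "password", "qwerty", "correct horse"]):
        endpoint = ("web_login", "device_locator_api")[i % 2]
        results.append(attempt_login(throttle, check, endpoint, "user@example.com", pw))
    return results
```

A hard lockout also lets anyone lock a legitimate user out on purpose, so deployed systems often pair the counter with growing delays or a CAPTCHA rather than relying on lockout alone.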
For years, Apple was against two-factor authentication. Two-factor authentication involves entering two codes into your password entry box. One is your password – which you know. The other is a four-digit PIN code you receive via SMS on your mobile device.
It’s a simple but effective system that prevents most hacking attempts.
Apple, however, continuously refused to allow two-factor authentication on its devices and services – even as almost all its competitors were doing just that.
When Apple did finally enable two-factor authentication, they forced users to go through a convoluted, difficult process to enable that authentication. Apple appeared to be “actively discouraging” users from setting up two-step verification.
To make matters worse, Apple’s two-factor authentication doesn’t really do anything. If you have two-factor authentication enabled, you can simply sidestep it during the login process. That totally defeats the purpose.
Part of Apple’s “solution” to this problem is making it easier to enable two-factor authentication. Like everything with Apple’s security, it’s too little, too late.
The hack that brought down Apple’s security was so simple that it barely deserves to be called a hack. iBrute has been publicly available for months.
iBrute was designed by a team of Russian programmers. Like the name suggests, iBrute “brute forces” its way into Apple’s security systems. It does that by trying every single password combination until one finally works.
iBrute was released in May 2014 to great acclaim inside and outside the hacking community. While most companies would immediately release a fix and apologize to any affected users, Apple took a different approach: it let its users be continuously exploited by this system. It let their files, photos, and personal data be viewed by malicious third parties.
It wasn’t until the celebrity photo scandal went public that Apple decided to release a fix. From May 2014 to September 1, 2014, hundreds of celebrity photos (and likely thousands more non-celebrity photos) were stolen from iCloud.
Apple has always advertised itself as the world’s safest operating system. “Macs don’t get viruses” and “Android is a toxic hellstew of vulnerabilities” are two mantras Apple likes to shout from the rooftops.
Apple can say whatever it wants in its advertising. But the problem here is that users believe they’re more secure than they actually are.
That’s called a “false sense of security” and it’s what caused celebrities not to think twice when they noticed their Camera Roll photos were being automatically uploaded (by default) to iCloud. Ultimately, this false sense of security is a huge reason why this leak occurred.
Apple has faced waves of criticism from this latest celebrity photo leak scandal.
They had to change at least some aspects of user security.
And that’s exactly what they did. CEO Tim Cook announced that Apple would now restrict the number of incorrect login attempts that could be entered by users on Find My iPhone and iCloud.
Tim Cook also plans to “encourage more users” to enable two-factor authentication – something that Apple has adamantly refused to endorse over the years.
Additionally, users will receive push notifications on their iPhones when someone tries to access their iCloud account.
Obviously, these security measures are too little, too late. The damage has been done.
Not only are they too late, they’re also not enough. Apple is playing catch-up to every other tech company. Facebook and Google have strongly endorsed two-factor authentication for years, and it’s virtually impossible to find a tech service that doesn’t lock out users after multiple incorrect login attempts.
Apple cares little about user security. And even if they did care about user security, their actions demonstrate a total unwillingness to invest in user security. Leave Jennifer Lawrence alone. Start blaming Apple.