BY: SARAH HOWELL
Though Apple has presented evidence to avoid taking responsibility for a recent string of iCloud leaks, closed-eyed consumers have been made startlingly aware that common security practices are no longer effective.
In a statement of deflection, Tim Cook said in a Wall Street Journal interview that “celebrities’ iCloud accounts were compromised when hackers correctly answered security questions to obtain their passwords, or when they were victimized by a phishing scam to obtain user IDs and passwords.”
Many Apple users, lured by world-class branding and an operating system built on user-friendly simplicity, are unaware of how cloud computing works or what “two-step verification,” the keyword of the scandal, even means. A “cloud” is a shared network in which data can be stored and accessed over the Internet instead of through a computer’s hard drive. Advertised as a convenience to users, iCloud is beneficial in the case of theft or system crashes. Think of iCloud as a bank with information as its currency; its wealth of information occupies a 500,000 square-foot facility in Maiden, North Carolina (there are plans to double its size), and an additional 338,000 square foot facility in Prineville, Oregon.
While iCloud is apparently oh-so-convenient for consumers, it also benefits Apple pragmatically: What better way to understand consumers than to target them by analyzing personal information?
In a press release, Apple claims that “none of the cases [Apple has] investigated has resulted from any breach in any of Apple’s systems.” They later admitted that further steps could have been taken to increase security. Two-step verification, used by Apple and a score of other sites, requires a user (or a hacker) to provide two of three pieces of information given to the user when they signed up for the service: a password, a four-digit once-use code, or a long access key.
Apple still uses and recommends the verification system, even though easily available software can bypass it and grant access to iCloud back-ups.
The second hacking method is known as a “brute force” attack, in which a hacker attempts to input passwords for an account multiple times without being locked out.
Apple refused to comment on a supposed breach in iCloud computer script. Apple’s backup plan when hackers exploit the cracks in its leaky hull is to sound the alarm by sending a code to the user’s phone or tablet when his or her account is being accessed.
Critics of Apple’s security include Vladimir Katalov, a security researcher at ElcomSoft, who analyzed the iCloud Protocol and found that, despite Apple’s claims, the two-factor authentication “does not look like a finished product.” It lacks the security that would be expected but does not “[protect] users’ personal information stored in the iCloud from unauthorized access.”
Despite the uneasy press, Apple has assured addicted consumers that they have taken the proper steps to provide increased security and peace of mind. In a recent patent issued by Apple, further security measures could “include technology like scanning your retina to unlock the phone, requiring a Touch ID swipe, or using some other type of biometric test” to access your phone. Other additional security measures appear to be security settings that adjust according to your location, e.g. changing security requirements depending on whether you are at home or at a social event.
I guess the question really remains: Should we take steps to secure the iCloud network by further sacrificing privacy of our biometric and locational data to a company that is anything but transparent? Or should we realize that, though the iCloud network may add convenience to our lives, it is not wholly necessary?
The nude photos of Jennifer Lawrence that were leaked are more than just a virtually immortalized sex crime. The leak is a warning of a larger flaw in the way that consumers choose to store mass quantities of diverse and significant personal information. The root of the problem does not begin with the strength of security measures, but rather with the information we choose to share.
Despite the highly publicized leak, preorders for the iPhone 6 reached four million in the first 24 hours, and millions more waited in lines that stretched to thousands of patrons over several blocks—much like a massive herd of sheep obedient to the all-white shepherd Apple. The question is: Where is the shepherd taking us?