Apple CEO Tim Cook said in his first interview about the incident that the iCloud accounts of the celebrities involved were compromised for several reasons. One is that hackers had correctly answered the security questions, which enabled them to easily identify a user's password. Another is a phishing scam that targets a celebrity's user ID and password.
Cook noted that the company's servers had nothing to do with the leaking of Apple IDs and passwords. He added that the widespread hacking directly targeted the celebrities, as shown by how the perpetrators had easily answered the security questions, reset the password, and sent scam-infected emails. In other words, the nude photographs are not actually stolen and there's no way the iCloud system could be breached.
One of the measures to be taken by Apple is creating a new system that will enable users to react to the situation almost instantly. This would include changing the password for the user to regain control of the account. Another involves sending an alert to Apple's security team.
Cook adds that the most important measure to avoid an illegal intrusion in the future has more to do with the human aspect than with the technological side of it.
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," said Cook. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
Cook plans to be more aggressive when it comes to encouraging users to turn on two-factor authentication, which will take effect in the new version of iOS. The method would require a user to have two or perhaps even three ways to gain access to their own account. This would include using a password, decoding a separate one-time code of four digits, or entering a long access key that the user gets hold of as soon as they sign up for the service.
"The usability battle will always be there but could you ever imagine using your debit card at an ATM and not entering a pin? That's two factor, something you have (a card) and something you know (a pin), and we all get along just fine," said Matt Johansen of WhiteHat Security.
The iCloud service enables Apple users to store photos and other content, which they can easily access from any Apple device. While its security has been a constant target of concern, users still adopt the service because of its data storage and management features.