
Apple Says It Will Add New iCloud Security Measures After Celebrity Hack - dnetesn
http://bits.blogs.nytimes.com/2014/09/04/apple-says-it-will-add-new-security-measures-after-celebrity-hack/?ref=technology
======
AlexandrB
Hopefully they reconsider their security questions as well. I was helping my
mother create an iCloud account and the stock questions are a nightmare for
her. Things like "Who was your first teacher?" require her to remember things
that happened 60 years ago in a non-English-speaking country and provide an
answer in English (that she will now have to spell consistently next time).

~~~
cliveowen
You're not supposed to put in real answers anyway.

~~~
personZ
This sort of comment appears a lot and it makes for an easy trip to victim
blaming.

Apple created these questions for you to enter real answers. They fully intend
for you to put in real answers. That is what the system's purpose is.

That we look at it and say "well that is grossly insecure, so I'm going to put
in the SHA512 hash of the question with a fixed secret salt" might assuage our
risk, but it does nothing to relieve Apple of the failure of this security
system.
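
An added example, not part of the original comment or thread, of the derived-answer scheme mentioned above. It uses HMAC-SHA512 in place of a bare salted hash; the function names, the `site` parameter, the 20-character length and the demo secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import unicodedata


def normalize_question(question: str) -> str:
    """Canonicalize a question so casing, spacing and punctuation do not matter."""
    text = unicodedata.normalize("NFKC", question).casefold()
    return "".join(ch for ch in text if ch.isalnum())


def derive_answer(secret: bytes, site: str, question: str, length: int = 20) -> str:
    """Derive a per-site, per-question answer from one long-term secret.

    The answer is the first `length` base32 characters of
    HMAC-SHA512(secret, site || 0x00 || normalized question).
    Base32 (a-z, 2-7) is easy to type and to read aloud to a support agent.
    """
    if len(secret) < 16:
        raise ValueError("secret must be at least 16 bytes")
    if not 8 <= length <= 100:
        raise ValueError("length must be between 8 and 100 characters")
    message = site.casefold().encode("utf-8") + b"\x00" \
        + normalize_question(question).encode("utf-8")
    digest = hmac.new(secret, message, hashlib.sha512).digest()
    encoded = base64.b32encode(digest).decode("ascii").lower().rstrip("=")
    return encoded[:length]


if __name__ == "__main__":
    # Constructed demo secret; a real one would be random and kept offline.
    demo_secret = b"constructed-demo-secret-0001"
    for q in ("Name of first car?", "Who was your first teacher?"):
        print(q, "->", derive_answer(demo_secret, "example.com", q))
```

Each question gets a distinct answer of fixed length, and nothing but the single secret has to be stored or remembered.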

~~~
AlexandrB
Not only is it insecure, but in some cases intensely user unfriendly. I used
to put real answers in these until I realized even if I remembered the answer
I could never recall the _exact_ string I used.

A common example: "Name of first car?"

So was that "Neon"? or "Dodge Neon"? or "Blue Neon"? or maybe "neon"? or "1991
Dodge Neon"?

Security questions are basically a secondary password masquerading as
something else. But because they are not called a password, the expectations
on their character-wise-correctness are not clear to a layman. I find the
continued proliferation of security questions baffling, especially when some
sites call password + security question "two factor authentication".

------
samspot
I lost my Apple account to an attacker. Apple wouldn't let me have the account
back, even though I still controlled the email address for the account. Reason
was because I could not answer a custom security question I made up over 10
years ago when I was still a student.

My question: What is Brak's mom's thing?

I hate security questions passionately. You have only a few options:

1) Put in some unforgettable public information so anyone can have your
account.

2) Put in some secret, highly forgettable information that you won't remember.

3) Put in some standard response that will inevitably fail to meet the
requirements for some questions. My first attempt at this was 'na' for not
applicable, but many questions have a minimum # of characters.

~~~
micampe
Security questions are horrible, but I think the best solution is 2b: Put in
some secret, highly forgettable information that you save in your password
manager as a note together with your password.

~~~
X-Istence
Which you sync to the cloud using iCloud, and you've lost access to your
computer because the drive failed and now you can't answer the question
because you can't access iCloud to get the information back out :P

~~~
ensignavenger
You should never rely on the 'cloud' as your only backup. You should always
have a local backup as well. At least, while we are on the subject of ideal
best practices for individuals :)

------
Afforess
Summary for those too lazy to get past the NYT paywall:

> _The company said it would add alerts to tell people about activities that
> could be signs of a break-in._

> _Customers will receive push notifications when someone tries to change the
> password for their iCloud account, upload their backed-up account data to a
> new device or log into their accounts for the first time from an unknown
> device, the company said. The notifications will be added in two weeks._

> _In the past, Apple customers were receiving emails only when someone
> changed their account password or logged in from a new device. They received
> no notification or email when someone loaded an iCloud backup onto another
> device._

~~~
simoncion
So, there are going to be exceptions to these notifications when law
enforcement does all of these things, right?

If so, then it's _still_ security with an exploitable backdoor.

Edit: For the downvoters, and those who might choose to downvote, I guess that
you don't understand that LEO backdoors are a real thing that can and _are_
actually exploited? Here's some reading:

[http://www.wired.com/2014/09/eppb-icloud/](http://www.wired.com/2014/09/eppb-icloud/)

[https://www.schneier.com/blog/archives/2006/03/more_on_greek...](https://www.schneier.com/blog/archives/2006/03/more_on_greek_w.html)

If your secure system has a way for a number of third parties to conveniently
and quickly gain clandestine access, that means that someone who's not in the
group of third parties that you intended to permit access will _inevitably_
gain access.

------
Aldo_MX
Honestly, I hate the fact that:

1) I have to answer 3 security questions

2) I can't use the same reply to all of them

I can't trust any storage device but my brain, and the fact that I actually
answer unrelated information to the question means that it's almost impossible
for me to remember what I answered in each one.

I'm not going to give real answers, because real answers are insecure.

~~~
batbomb
You can put answers in your physical wallet or in a safe.

I don't know about you, but I've never had my wallet compromised.

------
pilsetnieks
How about rolling out what they already have (2-factor auth) to the rest
of the world? Only about 60 countries have 2-factor auth for Apple IDs.

~~~
justizin
That's great and all, but it's been made clear the exploit would have bypassed
MFA, because MFA isn't used to restore backups. This is a tricky problem,
since your phone is probably your MFA device. One easy thing they can do going
into the future is once anyone acquires a device with fingerprint ID, allow
that as an additional required auth factor when restoring from backup.

------
wahsd
That almost sounds like an admission of guilt.

I get that their overall security process is rather patchy and has huge holes,
but it is still up to the user to choose between a secure and hugely annoying
password, or an easy and convenient one.

~~~
personZ
The item they are fixing is not the password, which already has complexity
requirements, and through most systems is rate limited. They are fixing the
security questions system.

And I think they're understating the changes they're going to make. Simply
sending a "BTW someone just took over your account" message is obviously not
enough -- take it over at 2am and enjoy a night of malfeasance. Instead I
imagine they are going to put in some thoughtful patterns like:

- emailing the password change notice to the email address on record on the successful completion of the security questions.

- having a window before any new password/grants come into effect from such a system.

Or the like. As is, their proposed improvements don't do much more than what
currently exists, where you (apparently) do at least get an email after
someone reset your password by exploiting this system weakness.

------
taksintik
It's amazing how Apple will basically sweep this under the rug thanks to its
perceived brand trust that it's earned over the years. Pretty impressive to
see from a marketing perspective.

------
karmelapple
Could the iWatch act as a kind of password / second-factor authentication? I
could see Apple taking this tack, but they would have to be _very_ careful if
they discussed this in the keynote, since at least a few celebrities tweeted
pretty nasty things about Apple / iCloud.

------
wehadfun
My solution: charge for password recovery and refund the money.

~~~
Someone1234
Honestly that's actually genius. Just pre-charge 1c to a Credit Card (which
you won't need to refund as it is a pre-charge, not a charge) which will allow
you to verify the name, address, and so on.

The only limitation of this concept is: People who don't own cards and
underage people who couldn't own them. It is possible to JUST use iTunes etc with
just gift cards.

------
nissimk
Has anyone suggested private photo mode, like private browsing mode where the
photos aren't automatically synced or backed up to the cloud?

~~~
micampe
Photos upload is not enabled by default.

~~~
Someone1234
Uhh yes it is. I have iCloud right in front of me. Both the desktop and iPhone
ones have "Photo backup" and "Camera roll" respectively turned on initially.

You have to go to iCloud -> Storage and Backup -> Manage Storage -> Camera
Roll to turn it off.

Unless you mean that iCloud backup itself is not turned on by default, which
is accurate. But the way you worded it, it reads like if you have iCloud
backup, it won't back up photos until you expressly tell it to, which is
inaccurate.

~~~
micampe
I meant the latter. Turning on backup and having it only do a partial backup
by default would be a surprising behavior for users.

------
cliveowen
I haven't been following this matter; was it or wasn't it Apple's fault?

~~~
randomfool
From the article:

"Apple earlier this week said that after a 40-hour investigation, the company
concluded that there was no breach of its data servers. The company has said
it discovered a number of celebrity accounts were compromised by targeted
attacks, using methods like phishing or correctly answering security questions
to obtain their passwords."

So the stolen data was from Apple's servers, but was obtained by compromising
individual logins.

Lesson #1: enable 2FA. now.

~~~
nwh
2FA does not protect iCloud data at all, it would have done nothing here.

~~~
justizin
My understanding is it just doesn't protect iCloud backups, which is what were
compromised here - also why things deleted from the phone were still in the
cloud.

~~~
nwh
That's mine too, an iCloud backup is pretty much keys to the kingdom. Could
also just have been that they had access for a very long time and downloaded
data multiple times in that period without being detected.

