Apple has issued a security warning to users after ‘Chinese hackers’ reportedly attempted to target iCloud. The alert follows a report by Greatfire.org, a site dedicated to tracking internet censorship in China. The report claims that Beijing-backed hackers have been tricking users into giving away personal data and allowing unauthorized access to private documents and emails. The hackers used “man-in-the-middle” style attacks that place a false site between site to site navigation, duping users into entering their personal information onto these dummy sites.
Apple responds to celebrity photo leak scandal
Back in September, Apple CEO Tim Cook announced that they would be adding extra security measures to its iCloud services, following the high profile celebrity photo leak scandal.
Apple has increased its use of two-factor authentication and extended it to iCloud account access from mobile devices with the latest iOS update – previously users had to activate it manually on their site. Apple have also included alerts if someone attempts to change your account password, access your account or download your iCloud files onto an unknown device. The alerts allow users to immediately change their password and contact Apple security.
Traditional password security has proven to be very vulnerable to attack, Apple’s two-step security means users can enter their main password and then a further verification code usually sent via text when accessing their iCloud accounts – similar security methods are used in online banking.
Enhanced security is also about awareness
In response to the celebrity photo hack, Cook admitted that Apple “could have done more to make people aware of hackers potentially targeting their accounts” emphasizing the need for users to create more secure passwords.
“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece. I think we have a responsibility to ratchet that up. That’s not really an engineering thing,” he said.
Apple believes that two-step authentication will significantly reduce security breaches, but more need to be aware of it for it to be effective, as the majority of users currently aren’t.
In September, Apple told the Wall Street Journal that if the celebrities whose accounts were hacked had used the two-step authentication then hackers would not have been able to guess their security questions and access private material.
Easy targets for hackers
It’s not just Apple who are feeling the pressure to ramp up security measures. Providers that maintain cloud and archiving services are improving security and user verification too, as they are just as vulnerable to attack as the larger organizations, if not more so, as hackers often see them as ‘weak links’ and easier targets.
For example internet security and email-management provider Mimecast offer Email File Archiving that secures files alongside email data in tamper-resistant chains, akin to Apple’s 2 step verification. While hosting archive service, Sonian concentrates on the protection of intellectual property and proposes that cloud data storage is the best way to tackle threats to data security.
Businesses as well as individuals are making full use of cloud technology and many have made the move over to cloud data storage for their documents and archives, relying on the ease of access and security that comes with this type of service. Human generated data, such as file systems, are arguably a company’s most valuable documents and businesses need to step up security to ensure they are safe and cannot be extracted or tampered with. Major reforms are being made regarding internet security and protecting private data – businesses must keep up to avoid losing their most precious assets.