Apple tightens iCloud security but says celebrity's nude photos wouldn't have been stolen if they'd followed the rules

Apple says users should be encouraged to turn on two-step verification which uses codes texted to customers' mobiles as an extra layer of security
  • @jjvincent

Following the publication of dozens of celebrities' private photos by hackers, Apple has said it will introduce new, stricter security measures to keep its customers' data safe in the cloud.

Since the stolen photos were first published last Sunday, Apple has admitted that iCloud accounts were breached by hackers but has maintained that the fault was down to poor passwords and phishing scams used to obtain individuals’ log-ins – not because of Apple’s own security.

LIVE: Apple iPhone 6 event

However, this response has met with little sympathy from the security community, which maintains that although Apple may not technically be at fault, it was its systems that gave hackers the opportunities they needed to take the data.

Apple CEO Tim Cook is apparently keen to meet these criticisms head on, and told the Wall Street Journal that in the future Apple will alert users via emails and push notifications if someone is trying to change their password, copy their iCloud data or log into their account from a new machine - three flaws that are thought to have been used by hackers to steal data.

Former Apple CEO Steve Jobs talks about iCloud back in 2011.

However, these alerts only show up if users have turned on the extra security measure known as 'two-step verification'. This links users' iCloud accounts to their mobile, so if there's any new activity (for example, if hackers have stolen a users log-in and try to use it on a new computer) Apple will check this with the user by texting a code to their mobile.

Similar security measures are available from Google and Microsoft, but Mr Cook agrees that it's Apple's responsibility to educate its customers about best security practices.

"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," Mr Cook said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."

The WSJ also reports that it is Apple's opinion that if the celebrities affected by the photo scandal had used two-step verification then hackers wouldn’t have had the opportunity to guess their passwords or the answers to their ‘security questions’.

US actress Jennifer Lawrence was among those affected by the hack.

It seems that the iPhone-maker is working hard to restore confidence in its cloud systems - which are set to play a big part in the unveiling of new products (including the iPhone 6 and possibly a wearable device) at an event in California next Tuesday.

Apple’s new devices are expected to work as mobile wallets as well as fitness trackers, and if nude photos can be stolen from the cloud, many customers will naturally be wondering whether it’s also safe for their medical and financial data.

Apple’s response – or, rather, Mr Cook’s – seems to be ‘you can trust us – but only if you do exactly what we say’. Whether or not customers will respond well to this, especially coming from a company that has always put ‘usability’ front and center, remains to be seen.