Categories: Global Tech News

Apple Adds New Password Protection for Third Party iCloud Apps

The recent hack of celebrities’ iCloud accounts was all too familiar to Gizmodo blogger Matt Honan.  He fell victim to hacker trolling in mid-2012, with his attackers exploiting password recovery options for Apple, Inc.’s (AAPL) recently launched iCloud.  
 
At the time, users could recover their iCloud password by inputting the last four digits of their credit card on file.  After the Honan incident, Apple promised to beef up security.  In March 2013 it updated the iCloud to support two-factor authentication — the first factor being your Apple ID account password and the second factor being a four-digit passcode sent to a trusted mobile device.
 
The approach was promising but few users embraced it.

Apple’s 2-step ID verification.
In an interview with The Wall Street Journal, Apple CEO Timothy Cook defended his company’s security record, while offering up a mea culpa of sorts, saying that it perhaps could do more to prevent intrusions like the celebrity photo leak.  In the interview, Mr. Cook mentioned some upcoming security changes to the iCloud.  Now true to his word those changes have been officially unveiled.
 
The first (and smallest) change will be new notifications.  Apple is now posting reminders to users on iCloud, encouraging them to use two-factor authentication.  The devicemaker has also activated new warning emails, which are sent to the user’s email account whenever a browser iCloud login is detected from an unfamiliar location.  The alert works without any special user settings and works even if the user hasn’t activated two-factor authentication.
 
For some users the warning might be a dead giveaway of malicious activity, as many users only interact with the iCloud on a daily basis using their mobile devices.  Depending on how fast the email alert is received, users might have time to lock their account before the intruder is able to obtain many files.
 
It also just posted details on a new feature to add further security — app-specific passwords.

While it’s still unclear how exactly hackers obtained access to celebrity accounts in the most recent hack, one potential weakness was the iCloud’s link to third party applications.  Since the launch of the iCloud in Oct. 2011 Apple has allowed users to give permissions to third party apps.  Users, for example, could use the Facebook.com, Inc. (FB) iCloud app to back up their iCloud images.
 
The downside was that hackers didn’t necessarily even need to get access to your Apple ID or password for your Apple account in order to snatch your photos.  In many cases it would be enough simply to gain a password to a trusted third party app or platform (e.g. Facebook) via phishing, then request a photo backup.  Given how easy it is to set up a page that looks like Facebook’s login page, that’s a dangerous possibility.
 
Now that will be much harder to exploit third party apps for access as users can set a password that will be prompted every time you log in third party app.  While it’s easy enough to set up a fake Facebook page, it would require much more impressive skills to code up a fake Facebook page that also contained a fake iCloud app interface and login prompt which was convincing enough to make a user believe it was real.

The app password feature will be activated on Oct. 1.  Users will be able to store up to 25 unique app passwords.

Finally, Apple also expanded support for two-factor authentication to additional regions. Initially the technology was only supported in five countries; now it is supported in 59 nations.

Recent Posts

AMD Dual-Core Optimization Utility Available

AMD Dual-Core Optimization Utility Available

Improving dual-core compatibility for gaming

5.7″ ZTE ZMAX “Phablet” Coming to T-Mobile Sept 24 for $252

ZMAX will come with a Snapdragon 400 processor and 720p display

100 Northern California Households to Receive Plug-in Priuses

UC Davis dares to go where Toyota won't with the Prius

Apple on Microsoft Ads: PCs Are “No Bargain”, Macs Are “Cool”

An Apple spokesperson fires back over Microsoft's latest commercials

Update: 13.3″ Dell XPS m1330 Notebook Details Leaked

Engadget gets the scoop on Dell's latest "ultra-portable" notebook