Apple Adds Two-Step Verification for iCloud Backup

Stung by a recent high-profile hacking involving nude photos of celebrities, Apple has added two-step authentication for backups on its iCloud cloud-based storage service. The change is aimed at preventing hackers from being able to access someone's personal backup data with just a password.

A user who chooses the option of two-step authentication must enter both a password and a four-digit code sent at his request to his phone or other trusted device. While Apple already offered two-step authentication for iCloud, the previous level of security left backups and the Find My iPhone service vulnerable.

Those vulnerabilities enabled someone to access nude photos that several female celebrities had taken using their iPhones, even after the women had deleted the pictures from their devices. A large number of those photos were then posted on the imageboard site 4chan in late August.

EUA Very Targeted AttackEU

In a statement issued on September 2, following the release of the stolen photos, Apple said that it was "outraged" and "immediately mobilized AppleEUs engineers to discover the source." Those investigations revealed that the celebrities' accounts were "compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet."

To prevent such security attacks, Apple recommended that all users "always use a strong password and enable two-step verification."

On September 10, however, Ars Technica reported that its team was able to use forensic software and other strategies to access other users' iCloud backups. Included in that backup data were phone call histories, deleted images, Apple Maps address searches and an address book database.

"ItEUs clear that anyone targeted by an iCloud account hack hasnEUt just had pictures exposed; their entire digital lives have been laid out on display," Ars Technica reported at the time.

In a...

Comments are closed.