With the amount of sensitive information stored on their servers, cloud providers take security very seriously. However, many cloud services actually use third-party servers like Amazon Web Services or Microsoft Azure to run their platform. Even for those with their own servers, the hardware is made and supplied by third parties. In light of security concerns, Apple is taking it to the next level and designing their own servers.
Right now, Apple uses Amazon, Microsoft and Google servers to help run iCloud in addition to their own hardware. While it might seem prudent enough to do everything in-house to keep things secure, Apple also wants the servers themselves to be of their own design. As we know from Edward Snowden’s revelations, the NSA, and probably other spy agencies, are prone to intercepting hardware mid-shipment and tampering with it. Cisco, for instance, has been one past target, and with Apple’s legal fight against the FBI, Apple may have been moved up the list.
By designing their own hardware, Apple will be able to make sure that everything is where it is supposed to be and no hardware has been added to it. With the massive scale of iCloud, Apple will be able to easily have whole manufacturing runs dedicated to them. Still, with their massive user base, running that many servers will be a challenge for Apple. Nonetheless, Apple may soon get the total hardware control truly needed for true security.
Apple is currently facing an uphill battle against the FBI regarding the security of their iPhone devices. In order to reinforce their stance of being unable and unwilling to hand over the keys to personal information to anyone, law enforcement or otherwise, they are reportedly putting into place tighter security measures on their iCloud service. Still thought to be in preliminary phases, it could expand Apple’s battle against those wishing to access private cloud-stored data. The downside to this could be that it would make it impossible for Apple to restore the data of users who have forgotten their passcode, which is one of the main reasons for users to make use of iCloud’s backup system.
In the modern age of cloud data storage, law enforcement agencies regularly request data from web-service companies such as Google, Microsoft and even Apple, typically via court orders. It was reported that Apple had responded to requests from law enforcement agencies regarding as many as 1400 accounts in the first half of 2015 alone. While these are sometimes faced with contention, the main point of issue is often data sovereignty, when the person’s data is requested by a nation with no jurisdiction over it.
Much data from the time leading up to the attacks was retrieved from Farook’s iCloud backups, which stopped 6 weeks before the attack. This was what led to the FBI attempting to gain access to the terrorist’s iPhone itself. It is thought that the investigators responsible for collecting data from the iCloud account committed an error, which made the iPhone impossible to recover or compromise through the platform. Of course, with Apple’s supposed new hardening, even getting this much data would be impossible, with no amount of court orders being able to change it. A drastic change like this could be polarizing amongst the public, with many in America supporting the FBI in regards to the iPhone unlocking, which could have a strong effect on Apple’s business in the US and abroad.
The Department of Justice filed a motion stating that Apple has to comply with the FBI’s request to access the phone, even if that means bypassing the phone’s passcode. The problem is that Apple offered them an alternative that they now can’t make use of. Apple offered suggestions including triggering an automatic backup by plugging the phone in and connecting to known Wi-Fi, meaning it would then back up to the iCloud, a place where Apple can provide them with the data they are so keen to gain access to.
When the government stated that the automatic backups weren’t working, it was discovered, as listed in the motion, that a county employee in San Bernardino changed the ID passcode online after the shooting incident. San Bernardino county are the owners of the iPhone in question, having given it to Farook as one of their employees. The problem is that the reset occurred hours after the attack Farook was responsible for, raising the question of who reset the passcode.
With Apple looking to help the government, they are definitely appearing as the good guys, and with the news that the Government is already looking at ways to bypass encryption, the fact that they are requesting the modification of iOS to gain access seems to ring more than a few warning bells for companies and users alike.
Apple users that utilise iCloud Backup could find that their iMessage chats, which are usually protected from interception via end-to-end encryption, are uploaded to Apple’s servers in plain text form. So, while the act of sending a message remains perfectly safe, backing up these messages leaves them potentially open to exposure.
“If the government laid a subpoena to get iMessages, we can’t provide it,” Apple CEO Tim Cook told Charlie Rose in a 2014 interview. “It is encrypted, and we do not have a key.”
Apple does, however, possess encryption keys for users’ iCloud accounts. Should an iCloud account be subpoenaed, Apple would be forced to hand over that information.
The vulnerabilities of iCloud accounts led to such unfortunate incidents as “The Fappening”, when hackers gained access to a number of celebrity iCloud accounts that had failed to implement two-step security verification, and posted the private nude photos that were found there.
It’s come to the end of the road for Apple’s iPhoto and Aperture apps: Apple has released a replacement called Photos that provides the functionality of both Aperture and iPhoto.
iPhoto was released in 2002 and has had 10 major version releases, but it has had no major development since 2010.
Photos has been designed to integrate closely with the iPhone app. It will do so via iCloud photo library support. Users can upload photographs from any iOS or Mac device, allowing them to edit and view pictures from whatever Apple device they have in their hand. The only issue you may run into is running out of iCloud storage. Currently with a standard iCloud package you will get 5 GB of free space. If this isn’t enough for your photos, you can upgrade to 200 GB for £2.99 a month; pretty good really!
However, the new Photos app is not a complete replacement for Aperture, since that program offered a much greater set of editing tools, many of which were meant for professional photography.
Apple have stated that Aperture and iPhoto will remain functional as long as they are installed on the device. However, the change will mean that there will be no more updates.
Thank you to The Verge for providing us with this information.
Apple has just made it possible for anyone, even those who don’t own an Apple product, to access iCloud web apps. Previously, only those who owned an iOS device or Mac could use the online versions of Apple’s productivity apps including Pages, Keynote and Numbers.
From today, anyone can go to iCloud.com and access Apple’s apps in a similar fashion to Google Docs or Microsoft Office. The big difference, though, is that Apple does not directly monetise the service. There are no ads or subscriptions and the apps can be used in Safari, Chrome, Internet Explorer or Firefox for free. However, free users only get 1 GB of storage, while users of a Mac or iOS device get 5 GB of storage. Owners of Apple devices can pay for more.
The move is seen as significant, with Apple deciding to put themselves directly in competition with such services from Google and Microsoft. Whether they will pose any threat to those services remains to be seen.
Apple has just seeded the first beta of OS X 10.10.3 to developers, asking them to test a number of tweaks and improvements, but most importantly, asking them to test the newly included Photos app – the iPhoto replacement that has apparently been heavily delayed.
Photos is set to be the all-out replacement for iPhoto, the app Apple introduced in the early 2000s as part of its ‘digital hub’ strategy. That was the concept that the Mac would become the centre of someone’s digital life, in that you would sync your iPod, your camcorder and your camera with your Mac acting as the central hub between all of the devices.
Of course, that isn’t the case these days, with the cloud having essentially taken the place of the hub. So Photos will essentially be the iPhoto of the cloud, tying in with Apple’s (currently in beta) iCloud Photos, providing easy sync between Mac and iOS devices.
Developers are the only ones with access so far, with registered public testers possibly getting a chance to access it soon.
Founder of 4chan Christopher Poole, better known under the pseudonym ‘Moot’, has said farewell to the site he started 11 years ago. He said his goodbyes in a live broadcast on YouTube, watched by over 400,000 people.
‘Moot’ announced his departure in a front page post on 4chan on Wednesday, saying, “This is it for me. This is goodbye,” adding that it had been “a long time coming”.
“The journey has been marked by highs and lows, surprises and disappointments, but ultimately immense satisfaction. I’m humbled to have had the privilege of both founding and presiding over what is easily one of the greatest communities to ever grace the web,” he said.
No stranger to controversy, 4chan had a busy year, not least due to the infamous hack of celebrity iCloud accounts that revealed a number of nude photos, crudely nicknamed ‘The Fappening’. He concedes, “It took a toll. We had close to a billion page views that month. I was completely overwhelmed.”
As a parting message to the more notorious element of his old site, Moot said, “For people who are angry on the internet, I hope that one day you find the beauty in things.”
Terms and Conditions or End User License Agreements have always carried a certain amount of mystery, largely because of their extraordinary length and mundane content, which means nobody ever reads them.
Well, artist Florence Meunier has ‘revealed’ a hidden message in the EULA for Apple’s iCloud. It’s not necessarily an ‘Easter Egg’ planted in there by Apple; it’s more of a message composed of words found in the document. The thing is though, the message is probably quite relevant to our attitudes to these agreements.
“This is the story of a man, who one day was too busy or maybe too lazy that he, too quickly, clicked on I agree. What the latter did not foresee, is that he could never again disagree. The lesson of this story is that one shall not concede, to something one does not read.”
That message was composed in a little booklet created by the artist, styled using CIA-style redacted text.
Startup e-mail app Acompli has been snapped up by Microsoft. The move surprised no one, since news of the deal accidentally leaked last week when a blog draft with the URL http://blogs.microsoft.com/blog/2014/11/25/microsoft-acquires-acompli/, written by Microsoft Vice President Rajesh Jha, turned up on RSS feeds.
Acompli’s free e-mail app, for iOS and Android devices, has garnered many positive reviews since its release earlier this year. It supports Gmail and Microsoft Exchange integration – which likely brought the app to the attention of its new owner – as well as Dropbox, iCloud, and OneDrive.
Apple has delivered some updates to iWork for iCloud, its online productivity apps.
There are now 8 new languages, including French, Spanish, Portuguese, Chinese, German, and Arabic and Hebrew for Pages only.
Perhaps more interestingly though, there are now 50 new fonts as well as a couple of new editing features.
You can now quickly change the name of your document in the toolbar of apps, and Keynote now allows you to hide the slide navigator. In Pages you can now undo deleted selection breaks.
iWork for iCloud is Apple’s answer to Microsoft’s Office 365 and Google’s Docs. The service was launched to allow users of Apple’s productivity apps to share and collaborate on documents over the web. It recently received some major updates alongside the launch of iOS 8 and OS X Yosemite.
In recent news, Apple has decided to up their iCloud security in light of recent problems, according to CEO Tim Cook and The Wall Street Journal. In the article, Cook confirmed that the photos were leaked due to ‘social engineering’, meaning the stars’ usernames and passwords were directly targeted.
Cook directly commented:
“Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time”. WSJ
The change is set for implementation in two weeks, alongside a broadening of their two-factor authentication and encouraging people to actually use these measures.
Are your accounts safe? It never hurts to educate yourself or others on basic internet security – especially with so much of our data being ‘online’ in this day and age.
Apple has now come to their own defence, claiming that it was not in fact an iCloud ‘leak’ but that these celebrities had their personal accounts hacked individually. Apple’s Natalie Kerris explained:
“We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.” Business Wire
So although technically not a leak, Apple are claiming that these stars have fallen victim to “social engineering”. Although this is quite possibly true, Apple has already had some serious damage dealt to their reputation surrounding iCloud as a whole since this story surfaced just a few short days ago.
Moral of the story once again? If you’re going to take these kinds of photos, don’t store them anywhere on, at or near the internet!
Stay tuned to eTeknix for more information as it develops.
The leak of hundreds of erotic and nude photos of celebrities quickly got the interest of most of the internet and has dominated the news headlines for the past day already. As it is with every leak, people start to wonder where it came from and who could be behind it. Like before, the users of reddit and 4chan started their own investigation and also got some results quite fast.
They started the claim that the 26-year-old web developer Bryan Hamade was behind the hack and leak. This was based on screenshots posted online that showed a series of names that could be connected to the web development company Southern Digital Media. At first, however, they thought the 15-year-old intern was the culprit, but they quickly changed their target to the server administrator.
Hamade has given several interviews and denies any and all allegations that he is the hacker, saying “I only reposted one thing that was posted elsewhere and stupidly had my network folders visible.”
“I am not the original leaker. The real guy is on 4chan posting intermittently,” Hamade says. “He’s most likely the one behind it, but it does seem the photos passed around to multiple people before being leaked, so it may just be someone who has them and didn’t hack to get them. I’d never in a million years know how to hack into any of the accounts listed. 4chan just attacked me because they like to attack anyone in situations such as this.”
Hamade has also become the target of serious abuse in the wake of the accusations. It’s been a nightmare and he hasn’t slept for 34 hours, he said in a statement to BuzzFeed. He is being bombarded with emails threatening him and threatening to hack his websites, and people are calling him at home to insult him, only to hang up again. They even said they would hack his mother’s website, so he took that down for now.
Hamade really regrets that he shared the photos, especially since he didn’t even get any Bitcoins out of it. “It’s the stupidest thing I’ve done and I hope it won’t ruin my life, though it probably will since it’s the biggest news story.”
I honestly hope that this story won’t turn into another version of the CCTV investigation by the Reddit community on the Boston marathon bombings, where their identified suspect turned out to be an innocent homeless man, and was found dead. Vigilante actions aren’t the solution.
Apple is currently investigating the breach, but hasn’t said anything definite about the attacks yet. “We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris. Some reports also indicate that the photos have been sold on black market sites for some time, but it wasn’t until they hit 4chan that the general population found out about it.
Some Australians and New Zealanders who own iPads and iPhones received a rude awakening from an online attacker. When they powered up their iOS devices, their home screens were locked on a nefarious message. “Device hacked by Oleg Pliss,” says the message. “For unlock device YOU NEED send voucher code by $50 one of this (Moneypack/Ukash/ PaySafeCard) to _____ for unlock.”
In most cases, Mr. Pliss asked for US$50 or €50. In other cases, he got more greedy, demanding US$100 or €100 via PayPal. Although it looks like ransomware to the user, security analysts discovered that no one’s iPad or iPhone actually had malware on it. The mysterious Oleg Pliss had actually taken control of the users’ iCloud accounts.
iCloud is the hub that connects an Apple user’s devices. Macs, iPods, iPhones and iPads upload files to iCloud, and those files are pushed to other devices. It’s the reason that something downloaded to iTunes on an iPhone also appears on the user’s Mac without requiring USB sync. It’s also the tool that lets iPhone and iPad users locate their devices remotely or wipe them if they’re lost or stolen.
Oleg Pliss didn’t develop malware, which could have been easily detected and erased by antivirus for Mac software. He hijacked Aussie and Kiwi iCloud accounts by somehow obtaining login credentials. Security researchers have several hypotheses for how attackers stole the information:
Recent data breaches. Some researchers wonder whether Oleg Pliss used data from a recent breach, like the eBay breach, to hack into people’s iCloud accounts. In many cases, people use a single password for all of their accounts, or they use just a handful of passwords for multiple accounts.
Man-in-the-middle attacks. Some experts suggest that an iTunes or iCloud bug could have rerouted devices to a fake iCloud login site. When users logged into the fake site, attackers gained access to their passwords. Another hypothesis is that attackers rerouted ISP traffic within a vulnerable Australian network. iCloud users had no idea that they were visiting malicious servers.
“Joe Job” attack. A Joe Job attack is the online equivalent of writing “For a good time, call ____” in a bathroom stall and scribbling in the number of someone the graffiti artist doesn’t like. In other words, someone could have posted someone else’s iCloud login credentials as an act of retribution against the account holders.
What to Do
So far, experts have no idea how Oleg Pliss obtained iCloud login information. However, they do have some suggestions about how users can keep their iCloud login information safe.
Enable two-factor authentication (2FA). iCloud users should set up 2FA with their Apple ID, which won’t allow them to log in to iCloud and other Apple services without entering a second login code. Users can receive codes via text message, or they can get codes on any iOS device.
Back up all iOS devices. Anyone who owns an iPod, iPad or iPhone should save a backup copy on either their Mac or an external hard drive. If they find their devices locked or remotely wiped, they can perform a recovery mode reset of their iOS devices and recover the backup copy using iTunes.
Change all duplicate passwords. Apple users should change all passwords so that they avoid using the same password on more than one account. A password manager can generate random passwords, which contain tough-to-crack combinations of numbers, letters and symbols. Then, password managers store the passwords and auto-fill them into different login fields with a single click.
A Tempting Target
The Australian and New Zealand iCloud attacks aren’t the only known hacks of iCloud accounts. The Russian Interior Ministry also recently reported that it had seized computers, SIM cards and phones used by a pair of Russian hackers. The hackers had obtained iCloud credentials using phishing emails directed at Apple users. They had also created new Apple accounts locked to victims’ iOS devices. Once they had created the new accounts, they sold the Apple credentials so that buyers could obtain apps, music and other assets stored in iCloud by the person who owned the device.
As Apple devices become more popular, attackers will look for more ways to disrupt their operations. Antivirus programs and smart device management techniques, in most cases, should help Apple users protect their accounts.
Since OneDrive (formerly known as SkyDrive) launched, Microsoft has offered a standard 7 GB of free storage space, with additional subscription fees for users who required more. However, this is about to change with Microsoft’s latest announcement of upping the 7 GB of free space to 15 GB.
The company is said to have planned the additional storage space delivered for free in order to compete with its rival, Google Drive, which also currently offers 15 GB free storage space. In addition to the OneDrive service, Office 365 users are also said to benefit from 1 TB of free storage space with a 20 TB limit for subscriptions.
The 1 TB free space for Office 365 users is quite generous, given the fact that it was previously offered only to business users. Nevertheless, while Google and Microsoft compete in offering free space, the same cannot be said for other similar services, such as Apple’s iCloud, which is said to have nothing planned in terms of free storage space addition in the future.
Microsoft has also tweaked its monthly subscription fees, with the 100 GB storage space subscription currently down to $1.99 from $7.99 and the 200 GB subscription down to $3.99 from $11.49. The price cuts are so substantial that the 50 GB subscription appears to have been cut due to the fact that a fee for the latter would be so insignificant that Microsoft would have been better off adding the storage option for free (which would have been great news for OneDrive users).
The company has also stated that existing as well as new users will be able to experience the change in their free storage space availability. Windows as well as Windows Phone users should be pleased with the additional space, having more space to sync their photos, videos and data to the cloud for safe keeping.
It appears that yet another bug cropped up in Apple’s latest iPhone iOS 7 firmware. The latest finding apparently lets you bypass the user password and deactivate the Find my Phone feature, hiding it from the iCloud.com page on which you can effectively track its location in case of losing it or having it stolen.
It is reported that replicating the bug is simple enough, and that repeated attempts were successful, according to MacRumors. The exploit was found on the current 7.0.4 firmware and can be performed by making a few changes to the iCloud account menu.
MacRumors reported having replicated the exploit on firmware 7.0.4, but could not replicate it on the upcoming 7.1 firmware, leading to the possibility of it being fixed in the upcoming firmware release. To be noted is that the exploit can disable Find my Phone and have the iOS device erased, but it will not bypass Apple’s Activation Lock theft deterrent system. The handset will still be rendered unusable since it will always ask for the Apple account password for every action, such as downloading an app.
It is also noted that the exploit works on devices that do not have Touch ID or Passcode enabled; it is therefore recommended to enable at least the Passcode on your handsets if you do not own an iPhone 5s, at least until the iOS 7.1 firmware gets released and the exploit is fixed.