Apple updating security for iCloud

After last week’s mass release of nude photos from multiple Hollywood actresses, Apple Inc. announced new security measures to keep user accounts safe.

In an interview with the Wall Street Journal, Chief Executive Tim Cook said hackers were able to brute force into the actresses’ phones by correctly guessing security questions and opening their passwords.

None of the passwords were leaked directly from the company’s servers, he claimed.

Cook says Apple will now alert users through email notifications and allow them to take action immediately when someone moves iCloud data to a new device, logs into an account for the first time, or when changing a password. Apple will start notifying members of the changes in two weeks.

Cook admitted Apple should have done more to make people aware of the dangers of hacking.

“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook said. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”

Apple will also increase two-factor authentication, which requires an Apple user to have both a main password and either a separate four-digit one-time code or a long access key purchased with the system in order to unlock the device.

With the feature is turned on, these steps will be needed to to sign into an iTunes account from another device. Two-factor authentication will also be used for iCloud accounts.

Cook claimed that most users don’t have two-factor authentication, so Apple will encourage people to download the newest version of iOS and activate it. If the celebrities already had the system in place, hackers wouldn’t have had an opportunity to guess the correct answers to security questions, Cook said.

Outside security experts critized Apple for made the previous security too easy to hack, in only requiring answers to security questions.

“There’s a well-understood tension between usability and security,” said security researcher Ashkan Soltani to the Wall Street Journal. “More often than not, Apple chooses to err on the side of usability to make it easier for the user that gets locked out from their kid’s baby photos than to employ strong protections for the high-risk individuals.”

The new notifications will only notify users after their devices have been hacked, Soltani claimed.

The company is trying to salvage its reputation ahead of a new product launch announcement next week. Apple is cooperating with federal law enforcement to investigate and prosecute the hackers. The company did not release information on how many users were affected.