With increasingly popular devices such as the iPhone, iPad and MacBook under its wing, Apple has become one of the top consumer electronics brands in the world. Aside from the user-friendly interface and great synergy between hardware and software, the iCloud feature is one of the biggest reasons consumers opt for Apple products. However, there have been concerns about this feature lately.
Recent iCloud Security Breaches
Cybersecurity news site, The Hacker News (THN) reported in January that Apple ‘possibly’ experienced a cyber attack towards the end of 2018. This breach occurred due to a weakness in its system, which might have compromised iCloud accounts and other private content.
Security researcher Melih Sevim revealed to THN that he detected a flaw in Apple’s platform, which gave him access to some data from random iCloud accounts. He was also able to access specific ones by simply having phone numbers linked to these accounts. According to Sevim, he reported this discovery to Apple. This was in October 2018.
However, it seems that the tech giant decided to keep the incident under wraps. Come November 2018, the company had fixed the issue and confirmed its existence to Sevim, adding that they had taken action even before he got in touch with their team.
This was not the first time that Apple has had a security breach. Back in August 2018, a 16-year-old Australian hacked into Apple’s servers, according to BGR. He had been accessing the servers for approximately one year, attaining more than 90 gigabytes of data. The company responded that it had discovered, contained and reported the case.
iCloud Security… How Protected Are You?
Whilst Apple and iCloud users should take precautions in securing access to their devices and accounts, the risk of a security breach is slim.
According to Apple support, the service uses encryption on user data during and after it is transferred to its servers.
Utilizing authentication tokens and end-to-end encryption (for specific sensitive data) when information reaches iCloud, users are the only ones who can access their data.
Information covered by in-transit and on-server encryptions includes backups, bookmarks, calendars, iCloud Drive, Messages in the service, photos and much more. End-to-end encryption is applied to home data, health data, iCloud keychain and payment information among others.
Aside from encrypting user data, the service also uses two-factor authentication, giving access to specific devices only. This utilizes an Apple ID, a password and a six-digit verification code which will be shown on verified devices. iCloud also uses tokens to prevent storing passwords on devices.
Meanwhile, BGR told users that the August 2018 hacking was nothing to worry about as no reports of widespread incidents have been reported.