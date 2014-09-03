By Christina Farr and Edwin Chan
SAN FRANCISCO, Sept 2 Apple Inc has
often displayed uncanny timing, with its well-orchestrated
end-of-year iPhone releases. But the leak of racy celebrity
photos in the past few days put the company in the unusual
position of having to mend its image just days before a highly
anticipated Sept. 9 product launch.
Nude photos of Hollywood celebrities, including
Oscar-winning actress Jennifer Lawrence, posted on Internet
forums by unknown hackers has sparked condemnation from stars
and their publicists, and prompted an investigation by the
Federal Bureau of Investigation.
In the wake of the breach, cybersecurity experts and mobile
developers have called out inadequacies in Apple's and, more
generally, cloud-services security. Thousands have taken to
Twitter to express their frustrations with the company.
Some security experts faulted Apple for failing to make its
devices and software easier to secure through two-factor
authentication, which requires a separate verification code
after users log in initially. The process requires several steps
and more than rudimentary knowledge of a phone's workings.
Apple could also do more to advertise that option, they
said. Most people do not bother with security measures because
of the extra hassle, experts say, and the leading phone makers
are partly to blame.
"Making things more private or secure by default instead of
having "security options" would go a long way. Most people won't
take those options and they aren't necessarily advertised as
available," said Matt Johansen, senior manager of the Threat
Research Center at WhiteHat Security Inc.
"Most sites with two-factor authentication, you need to go
to some very obscure options menu, multiple-clicks deep."
To be sure, the inadequacies identified in Apple's cloud and
mobile security ring true of other cloud or Internet-storage
services, experts said. Official and celebrity Twitter accounts
for instance had been routinely hacked.
Apple said on Tuesday the hacks were the result of targeted
attacks on accounts and not a direct breach of its systems. The
company referred to such attempts as "all too common on the
Internet."
But the highly public affair remains potentially one of
Apple's worst public crises in years. Speculation continues to
spread on blogs about flaws in the iCloud service, which lets
computer and mobile users store photos, documents and other data
so they can be accessed from a plethora of devices they own.
Brandwatch, a company that analyzes sentiment on social
media, blogs and other sites, found that prior to the hack,
Apple received very few negative mentions on Twitter, a
testament to its strong brand in the United States.
But in the past three days, 17,000 mentions on Twitter were
related to the security breach as of Tuesday afternoon. 7,600 of
these tweets specifically mention Apple. Some of the negative
words associated with mentions of Apple's iCloud service include
"violation," "disgusting violation," "criminality," "failure,"
"glitch" and "disappointment."
Brandwatch spokeswoman Dinah Alobeid said Brandwatch
differentiates between negative and neutral tweets by analyzing
keywords. There were three times as many negative mentions as
positive mentions related to the incident.
Apple has dealt with several high-profile public faux-pas in
past years, including a maps service criticized for lacking
important geographic detail and "Antennagate," when experts
exposed how a flaw in the latest iPhone led to dropped calls.
Depending on how the hacks went down, this incident could be as
damaging to its reputation, if not more.
"This could be a scary time publicly for Apple," JD Sherry,
vice president of cybersecurity provider Trend Micro wrote in a
Tuesday blogpost. "They haven't had many, Antennagate and Apple
Maps come to mind, and this would most likely trump those."
BUILDING TRUST
The celebrity hacks underscore the longer-term risks for
mobile users as smartphones increasingly become the repository
for far more sensitive education, healthcare and banking data.
And that data gets stored increasingly in personal cloud
accounts, hosted on the public and private Internet.
"We need to get to a point where security is the standard
(and) Apple could make it easier in the set up," said Branden
Spikes, founder and CEO of Spikes Security and former chief
information officer of Space Exploration Technologies.
At its upcoming event, Apple is expected to announce the
launch of a mobile payments service alongside its iPhone 6.
BeyondTrust security expert Marc Maiffret expects the phone
will someday replace the wallet, storing sensitive payments
information such as credit card accounts - data that would prove
increasingly tempting to hackers.
"How long after that does it make sense for your identity
beyond your financial information to follow?" he said.
Apple has encouraged developers to use iCloud. But the leaks
have left some app developers feeling uncertain.
"Things like this happen and you wonder, can you trust Apple
with other people's data," said Ruben Martinez, a developer
building Apple software applications. Martinez said he
considered using iCloud for an app he is building, but he may
now explore other options.
(Editing by Eric Effron and Lisa Shumaker)