On August 31st, news companies started reporting on a nasty, targeted attack on a variety of celebrities. Of no real fault of their own, these (mostly) female celebrities woke up to a shock: nude and intimate photos and videos, which were leaked onto the Internet. The “anonymous” hacker seemed to specifically target some of the famous celeb’s Apple iCloud information.
See, Apple has long been a terrible cloud provider. Their iCloud service has frequently suffered security leaks, downtime, and inexplicable bugginess. The beleaguered service hasn’t ever gained traction. Unfortunately, without the cloud, Apple’s future revenue might eventually suffer.
The release of private, celebrity photos came at a terrible time — just two weeks before the new iPhone 6 and Apple Watch keynote by Tim Cook. Apple’s taciturn answer: this is not the fault of iCloud servers or our security. Well, if it was that simple, we could pack our bags and move on from this perverted mess. And as a shareholder, I’d love to!
Reality is far murkier here. As it turns out, there were weaknesses in Apple’s iCloud security, which allowed hackers to penetrate into the “Find My iPhone” portion of the website, and repeatedly guess passwords without any restrictions. Through a brute force application (guess-and-checks tons of passwords over and over again until it gets a winner), the accounts were compromised, illegally downloaded, and provided access to a wealth of explicit photos. Likewise, this determined hacker and/or collective aimed for simple security questions, which were easily guessable for public icons like Jennifer Lawrence. This ultimately allowed for a massive leak of data. While Apple claimed innocence, they quickly rectified security gaps and patched problem areas. The hack was rendered inert; albeit, the damage was already done.
As media consumers, we seem to gravitate towards one scandal or story, and then quickly drift to the next — barely remembering what was important in the first place. This quick consumption of news seems to reduce the real importance of important stories. Frankly, it’s yet another consequence of the 24-hour news cycle — it’s literally endless. Apple is relying on us to rapidly forget the iCloud hacks of 2014.
It was a recipe for disaster, but now Apple is manipulating the message for public gain and increased profit. The genius is mind-bending, and it starts with the distinction between privacy and security. By definition, privacy is the right to be left alone. Simple as that. If you’d like to search for strange Christmas ornaments privately, the assumption is that you’re not tracked, nor should you be concerned about others chiming in on that search. Security, on the other hand, is about being free from danger or threat. From the mall cop to the password on your email account, security attempts to protect us from external threats.Privacy and security can be overlapping concepts, where security is necessary for privacy. Without security, privacy quickly disappears.
The point is, privacy and security are different, and Apple is purposively confusing the two. By hacking the iCloud accounts of various celebrities, this mercenary crew showed wicked flaws in Apple’s “secure” platform.
The evil brillance at Apple has been a prolonged offensive on Google’s data-mining business. Tim Cook has repeatedly spoken about the privacy and security embedded in Apple’s products, along with their commitment to respecting individuals’ rights. Each time Cook has mentioned their push for privacy, it’s come with a dig against Google. In the preceding video, Cook lambastes competitors for tracking users, while emphasizing Apple’s age-old push to “try not to collect data.”
Even in the recent keynote address, Apple executives emphasized the privacy features every step of the way. With the recent introduction of payments via Apple Pay (hold an iPhone in front of a receiver to pay), the company said they wouldn’t monitor transactions — that they were between you, the merchant, and credit card company. If you didn’t know better, you might assume that Apple is the most private company in the world.
Apple is clearly trying to quickly evade and rebrand themselves as the last privacy conscious mega-cap company in the country. And if people don’t pay attention, it just might work. If you are a consumer and you hear about individual hackers, corporate espionage, and governmental spies, you’ll want the most private hardware system you can find. Unfortunately, it’ll cost you and arm and a leg (around $1000 for the Macbook Air), and may not even be more secure than other platforms.
Take the Google Chromebook, for instance. This computer costs about $200 to $300 depending on the model you choose. The computer automatically updates to the latest operating system, protects you from viruses and malware, has a verified secure boot (which prevents internal changes from the operating system by outside hackers), and lasts about 10-12 hours on a single charge. These are considered one of the most secure systems on the market today. Chromebooks are perfect for most everything, and they’re a real threat to Apple’s business model. To save all that money, you sacrifice a bit of privacy to Google’s servers, but none of the security.
That’s the problem: Google and their Chromebook line is a threat. Apple has a moment to quickly switch the media spin cycle to full blast, argue that they’re a privacy-focused company, and get you to pay about $800 more on a laptop than necessary.
We live in a world where privacy and security are threatened in a multitude of ways — not least of which by capitalistic disinformation. From private hackers to the NSA, security is being attacked. And as security goes, so does privacy. But privacy should be a right; in fact, it’s a part of the Fourth Amendment. Privacy is a right afforded to us by our constitution, and one that we must continue to defend. We should never need to pay for privacy, as Apple would have us believe.
As a software developer, I can confirm that icloud is a mess. There’s a reason more 3rd party apps don’t use it… it’s unreliable and hard to develop against.
That being said… users need to pick strong passwords. If you are using one word + one number… then you’ll be hacked at some point. Unfortunately, if the password is easy to type on your phone, then it will be easy to hack.
A. I didn’t know you were a software developer! Interesting. 🙂
B. I agree about the PW thing. I use crazy whack-o pw’s usually that have no meaning. xkdjUU**93! <– that's a good one for me. 🙂
Not to derail your analysis that Apple is trying to pivot the discussion on the privacy/security thing, which I think is totally true, but there are a LOT of differences between a Chromebook and a Macbook that explain the Macbook premium. Between processor capabilities, memory (SSD > cloud storage any day of the week in 2014), cloud vs. local software, graphics, etc the Chromebook and Macbook are at opposite ends of the price spectrum for a reason. That said, there ARE parts of the market that can be well served by either type of machine, but to say the cost differential is based on ephemeral branding is a bit of an overstatement.
Also, regarding the celebrity hacks, it really is just another piece of evidence that we shouldn’t be using “What’s your hometown?” as a password reset question. This is not really an Apple-specific practice, most companies have a similar thing going on, but we really need to either nix the practice altogether or train users to put real secondary passwords in those fields rather than true answers which are easily look-up-able.
I think the biggest issue are the hackers intentions. That’s the root of the problem and the lack of security features and encroachment to privacy exacerbates it. I have noticed the spin and that’s because Apple is a marketing genius.
I hate how people seem to disregard the Constitution as antiquated. The PRISM Program is completely unacceptable! Why isn´t everyone panicking?! When I mention the 4th ammendment, I get labeled and disregarded as a crazy-constitutionalist.