Apple Seeks to Address iCloud Failings Following Jennifer Lawrence Nude Leaks
Apple's CEO Tim Cook has sought to address iCloud security failings following the leak of Jennifer Lawrence nude images this week. Reuters

Apple has admitted that its iCloud security is not good enough and will begin implementing changes within weeks - but it comes too late for the dozens of celebrities who this week saw hundreds of their intimate and explicit pictures posted online.

It is also too late for many more celebrities whose accounts are also reported to have been hacked but whose images remain unpublished and in the hands of unscrupulous hackers looking to make money by selling them.

The leak of private images from dozens of high-profile female celebrities - including actor Jennifer Lawrence and model Kate Upton - was blamed on insufficiencies in Apple's cloud storage service, with the hackers able to circumvent security settings by simply answering security questions which were apparently not too difficult to answer.

Now Tim Cook, Apple's CEO, has spoken for the first time about the incident, admitting that the systems the company has in place were not good enough and it has begun to rethink the way it informs customers when someone tries to reset passwords on their accounts.

Terrible scenario

Speaking to the Wall Street Journal, Cook said:

"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece. I think we have a responsibility to ratchet that up. That's not really an engineering thing."

The first changes will begin to roll out in a couple of weeks Cook said, with customers beginning to see emails and push notifications when anyone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time.

Previously customers didn't get any push notifications and were only sent emails when the password was changed or users tried to log on with new devices.

That system allowed hackers attempting to breach victims' accounts to also log into their associated email accounts (as people often reuse the same password) and delete the email sent from Apple.

Too little, too late

However this system is still reactionary rather than proactive, as people will only become aware of a problem after it has happened.

In an attempt to be more proactive, Cook says the company will push two-factor authentication, an enhanced security system which is already available to Apple's customers but not implemented by default.

Two-factor authentication works by requiring two out of three pieces of information to log in for the first time on a new device: a password, a separate four-digit one-time code, or a long access key given to the user when they signed up for the service.

It would mean that when a hacker tired access the account remotely, they would need a PIN code sent to the victim's phone, making it much more difficult to gain access to iCloud accounts.

Apple said that when it launches iOS 8 in the coming weeks, two-factor authentication will be much more prominent and customers will be actively encouraged to turn it on.

Apple's share price dropped significantly in the wake of the controversy as Apple scrambled to address the issue ahead of one of its most important media events in years on 9 September when it is expected to launch the iPhone 6 and iWatch.

The company is also expected to launch a new payments platform which will require customers to trust Apple with their financial information, while the iWatch will seek to collect lots of personal data about customers' health and fitness.

Tim Cook will likely have to address the iCloud security issue again next week, as the company seeks to reassure customers that it can be trusted with customers most private information.