I have friends who own a Windows laptop and an iPhone. They are so concerned about privacy that they cover their laptop’s web camera with duct tape. Well, there’s nothing wrong with covering your computer’s camera, but these “geniuses” then take their iPhones to washrooms with the selfie camera wide open. Seriously, with laptop snooping, the worst picture hackers can get hold of is you looking stupid at a work desk. Compare that to spying on a phone, which most people tend to take to even the most intimate places. Such people got a rude shock today when some users reported an exploit in the iPhone’s FaceTime feature. As per the reports, this issue enables wannabe spies to eavesdrop on other people without their knowledge. A caller can hear the audio from the other end even if the other person has yet to accept or decline the call. As a result, Apple has temporarily disabled the FaceTime service. It is ironic how the company that smugly attempted to troll Google and Amazon over privacy at CES 2019 got face-planted within a month. This news has left many iPhone users aghast. However, if you have been tracking Apple security news in recent years, this is not surprising at all. In fact, here are some of the most scandalous security debacles that left the Cupertino company red-faced:
Celebrity iCloud Hack (2014)
A month before the iPhone 6 and 6 Plus launch, the cradle of memes and dark humor 4Chan took the media by storm after leaking private (mostly nude) pictures of celebrities. The breach, also known as The Fappening, affected over 500 celebrities including Hollywood A-listers such as Jennifer Lawrence and Kate Upton. So how did this happen? Well, we all know that celebrities are iPhone users and they don’t fiddle much with the device’s settings, mostly because they are busy clicking nude selfies in their free time. So, on default settings, each camera shot automatically gets backed up to Apple’s iCloud servers. Moving on to Apple’s security “expertise”, the Cupertino company for some reason decided not to limit login attempts. As a result, hackers had unlimited chances to brute-force a password! Using this method, hackers got access to the iCloud accounts of celebrities. Seriously, login cooldown is web security 101. But hey, Apple likes to think differently, right?
Jennifer Lawrence upon learning about the iCloud breach.
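The missing control described above, a cooldown on failed logins, sketched as an added example (not code from Apple or from the original article). The class name, thresholds, salt and sample password are assumptions constructed for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed sample data, not a real credential


def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


class LoginThrottle:
    """Per-account cooldown that doubles with every failure past a free allowance."""

    def __init__(self, free_attempts=3, base_delay=2.0, max_delay=900.0):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._state = {}  # account -> (consecutive failures, locked-until time)

    def retry_after(self, account, now):
        """Seconds still to wait; 0.0 means an attempt is allowed."""
        return max(0.0, self._state.get(account, (0, 0.0))[1] - now)

    def record_failure(self, account, now):
        failures = self._state.get(account, (0, 0.0))[0] + 1
        over = failures - self.free_attempts
        delay = min(self.max_delay, self.base_delay * 2 ** (over - 1)) if over > 0 else 0.0
        self._state[account] = (failures, now + delay)

    def record_success(self, account):
        self._state.pop(account, None)


def attempt_login(throttle, stored_hash, account, password, now):
    """Return 'throttled', 'denied' or 'ok'; no password check happens during a cooldown."""
    if throttle.retry_after(account, now) > 0:
        return "throttled"
    if hmac.compare_digest(hash_password(password), stored_hash):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, now)
    return "denied"


def guesses_evaluated(throttle, stored_hash, account, guesses, seconds_between=1.0):
    """Count how many guesses from a list actually reach the password check."""
    results = [attempt_login(throttle, stored_hash, account, g, i * seconds_between)
               for i, g in enumerate(guesses)]
    return len(guesses) - results.count("throttled")
```

With these defaults, only 7 of 20 wrong guesses sent one second apart are ever checked, and the gap keeps doubling up to the cap. A per-account cooldown on its own lets anyone lock a victim out, so it is normally paired with per-source limits and a second factor.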
High Sierra Vulnerability (2017)
Just a couple of years ago, Apple rolled out the macOS High Sierra update. The Cupertino company’s latest version of its operating system had a glaring security flaw that let anyone log in to a locked MacBook or iMac without entering a password. As reported by Lemi Orhan Ergin, the root of the problem was literally the text “root”. The co-founder of CraftBase found out that using “root” as the username with a blank password enabled anyone to gain access to Apple devices running High Sierra. Sure, I can understand that developing an operating system is not an easy task. This is exactly why people didn’t complain much about High Sierra’s trivial issues such as stuttering animations and broken extended monitor support. But login with a blank password is just too amateur a mistake for the world’s most valued tech company.
Dev Center Breach (2013)
Apple’s security lapses have not only affected its users, but also hundreds of individuals from its developer community. Back in 2013, when the iPhone 5 was all the rage, a group of hackers breached Apple’s DevCenter website, compromising the personal information of developers. As per reports, the security breach compromised developers’ names, addresses, and email addresses. Apple initially denied these reports by saying that it took the website offline as a precautionary measure. After all, it is the company that told users they were holding their phone wrong in 2010. However, after backlash from the community, the Cupertino company accepted that they got owned. What’s worse is that a security researcher, Ibrahim Balic, had warned Apple about its security flaws. However, the company was so cocky about its infrastructure that it decided to completely ignore his bug reports. Balic then went ahead and extracted information of over 100,000 users. Speaking to 9to5mac, he claims that he is planning on deleting all this information.