Throughout 2014 there have been numerous cases of hackers weaseling their way around the intense security systems of corporations to enter their databases and steal customers’ private information. Recently, Apple has been in the spotlight for their breach in the security system of their Apple iCloud feature. Hackers were able to use an attack called “man-in-the-middle” (MITM), where they were able to interpose their own website between users and Apple’s iCloud server, intercepting data and potentially gaining access to customers’ passwords, iMessages, photos, and contacts. According to Ashkan Soltani, an independent security researcher from the WSJ, Apple could have prevented the attack with increased security measures.
This breach in security definitely questions Apple’s character. The company has been very vague about the entire situation leaving customers in the dark about what really happened. A security measure called two-step verification, which is recommended by Apple, can be easily bypassed using available software that allows access to iCloud back-ups. This two-step verification requires a user to type in a short code sent by Apple to their phone or tablet in order to access their account. This measure is supposed to offer users an extra level of protection. Apple suggested that customers “always use a strong password and enable two-step verification.” This warning comes after it acknowledged that some accounts had been compromised by a “very targeted attack”. Experts agree that Apple has given people “a false sense of security”. People don’t realize they need to take an extra step for their data to be secure. They believe that Apple is taking care of all the security precautions. Apple doesn’t make it clear that users have to go the extra mile to make sure that their information is secured.
Apple released a statement in early September letting customers know that the FBI was involved in the situation however; in mid-October there was another iCloud security breach in China. Although these attacks don’t seem to be related, it questions how secure iCloud really is.
Apple’s moral and ethical values have been questioned because of this situation. They are taking a utilitarian approach in regards to this issue. They didn’t confront the situation and tried their best to transfer blame onto other parties. While they may not have been directly responsible for the security breach, it occurred partially because customers don’t understand how to protect their personal data in iCloud.
What Apple could have done was publicly release a statement, whether it be on their website or through an email to their customers, regarding the situation. In this statement they could have given customers advice on how they can protect their information better and a detailed guide on how to use iCloud. This would have been a much better tactic than brushing the situation under the rug. Customers would feel safer giving Apple their information because they would be aware of how the iCloud works.