Apple and The Fappening: when a firm’s reputation depends on security

Enrique Dans
4 min read · Sep 3, 2014


The posting online of dozens of intimate photographs of seventeen US female celebrities, stolen from iCloud and distastefully dubbed The Fappening, has prompted an outpouring of articles and comments of all kinds. It will doubtless influence the way we all think about how we store sensitive material, as well as impacting heavily on Apple in particular.

Nobody is safe from an attack of this nature. Exploitation of weaknesses coupled with advanced social engineering means that when somebody with the right knowledge decides to target somebody, and there is sufficient incentive, they will usually achieve their goal. This is something that tends to be limited to celebrities, but that doesn’t mean it couldn’t happen to the rest of us. What’s more, ordinary mortals are likely to find themselves with less capacity for redress, along with potentially more damaging effects, than a supermodel or a movie star.

A good starting place to prevent this happening is therefore to identify and isolate the common factors, which in this case put Apple and its security practices in the eye of the hurricane. In a country in which the company’s share of the smartphone, tablet, and computer market is its biggest — although not one it dominates anymore — the people who have stolen these photographs have managed to put together a procedure that puts all iCloud users at risk.

Apple’s approach to storing material on iCloud means that most people are not even aware that this is how their photographs or other material are stored: the service just appears, and works. A copy of your photos is stored on a remote server, and you probably don’t even know it. And this is where weaknesses surface, even though we all know the weakest link in the chain continues to be the user, which in the final analysis makes them responsible, even if the company offering this service undoubtedly must share some of the burden.

Apple, despite the finger of suspicion pointing to the iCloud, initially denied any responsibility, blaming users for essentially exposing themselves to attack. This is the nub of the problem: if a problem or weakness allows somebody to go from launching a specific attack to designing a way to attack seventeen high-profile users, then in most people’s minds — perhaps not in those of security experts — the root of the problem lies with the company, not users. What we have clearly learned from this case is that “using iCloud put 17 famous people in a vulnerable position, and Apple’s response was to say it wasn’t its fault.” Arguing that sending compromising photographs of oneself is now common practice totally misses the point: the conclusion we have to draw here is “I won’t use iCloud, and less so if I am remotely well-known.”

The problem with drawing such a conclusion is that at a time when Apple’s market share is declining, a trend it hopes to reverse by releasing a new model, the company’s marketing is very much based on the “celebrity effect” of famous people being seen with its products. With just a week to go before it launches the new iPhone, the scandal couldn’t have come at a worse time: for many people, the legendary “Apple Product Cycle” could now include thoughts along the lines of: “I want it, yes, but I’m not happy at all about its security”. Too many serious ifs, buts and maybes in what used to be a straightforward purchasing decision.

At the same time, there is a bigger threat: the brand’s apparent efforts to carve a slice out of the smartphone payments cake. The iPhone 6 will finally include Near Field Communication technology, and the company has cut deals with American Express, Visa, and MasterCard to turn that into a reality for customers. But electronic payments is an area where users need to feel 100 percent sure that security has been taken care of.

Could The Fappening scandal cause big problems for Apple’s image as a provider of secure services? Is Apple handling this crisis properly? Or will the whole thing be forgotten by the time the next news cycle comes along, and we’ll see a huge rise in iPhone sales after the launch on September 9? And just how successful will Apple be in selling its new smartphone as the way to pay?

(In Spanish, here)


Enrique Dans

Professor of Innovation at IE Business School and blogger (in English here and in Spanish at enriquedans.com)