At least some of the iCloud account credentials that a group of hackers are holding for ransom appear to be legitimate, according to an investigation by ZDNet. A London-based group of hackers calling themselves the “Turkish Crime Family” claimed earlier this week to have gained access to millions of iCloud accounts, threatening to remotely wipe victims’ devices unless Apple paid a large ransom. While Apple later indicated that there had been no breach of its systems, analysts have suggested that the hacker group likely has data acquired from one or more breaches that occurred years ago at sites such as LinkedIn. Due to the obvious naming of iCloud accounts and the number of users who may reuse passwords, a dump of passwords stolen from another site could easily be exploited to hack at least some iCloud accounts.
Hackers identifying themselves as the “Turkish Crime Family” claim to have access to millions of iCloud accounts and are threatening to remotely wipe victims’ devices unless Apple pays them a ransom, Motherboard reports. The hackers have demanded either $100,000 worth of iTunes gift cards or $75,000 in Bitcoin or Ethereum to delete the data they claim to have stolen. One hacker provided unverified screenshots of email exchanges with Apple security and access to an email account used to communicate directly with Apple. In one email, a member of Apple’s security team asked, “Are you willing to share a sample of the data set?” The hackers then uploaded a YouTube video of them accessing an elderly woman’s iCloud, prompting Apple to allegedly request that the video be taken down and inform the hackers the company was contacting authorities.
Apple’s sudden removal of the Activation Lock status checker from its website could have been in response to its use in hacking locked iOS devices, MacRumors speculated in a new report. A video posted by REWA Technology illustrates a process for finding valid serial numbers using the Activation Lock status checker and using those numbers to unlock an iPhone or iPad. Apple hasn’t confirmed any reason for shutting down the website, but since September, some users trying to activate new or restored iPhone 6s, 6s Plus, 7 and 7 Plus models have reported finding their phones locked to another Apple ID, and only Apple has been able to fix the problem. The full video of the hacking method used can be seen below, but without the steady supply of valid serial numbers previously available from Apple’s website, the process is now useless.
Apple has deleted the Activation Lock checker from its website, effectively removing one method which helps customers verify that used products haven’t been stolen. First spotted by 9to5Mac, the change is also reflected in Apple’s Find My iPhone support documentation, which used to recommend running the serial number of a device though the ‘Check Activation Lock Status’ page on iCloud before buying it. Now the page that once hosted the verification tool ends in a 404 error.
Apple has debuted a major update to its web-based iCloud Photos app at iCloud.com, presenting a new user interface that more closely resembles the macOS Photos app. A new sidebar is enabled by default which provides more streamlined browsing of photo albums, although as in the corresponding macOS app, users can choose to toggle the sidebar off using a button at the top of the screen. Multiple photos can now be selected, and action buttons in the top-right corner will apply to all selected photos, allowing you to share, download, delete, or file several photos at a time; individual photos can also be organized into albums via drag-and-drop into the sidebar. Viewing an individual photo also now displays a carousel of thumbnails at the bottom of the screen, allowing you to quickly browse through other photos in the same album.
Notably, the new web Photos app doesn’t yet include the complete list of smart albums from the macOS and iOS versions, omitting such albums as People, Places, Selfies, and Depth Effect, and hasn’t yet added support for the new macOS Sierra and iOS 10 features such as memories, people, and places.
Some iCloud users have seen spam pop up in their calendar invitations in recent weeks, and Apple has now introduced a way of reporting such spam. Users will now see a “report junk” option in unsolicited calendar invites from any senders who aren’t contacts. The “report junk” option is currently available on iCloud.com, and it will hopefully be seen in the iOS calendar app in the near future. While this isn’t a complete solution to the problem, it’s a step in the right direction. There are a few workarounds in the meantime — if it’s an issue for you, we suggest going to the Advanced tab in Calendar preferences, and opting to receive event invitations as email messages, rather than as in-app notifications. [via MacRumors]
Apple has issued a statement in response to a problem that many iCloud users — including members of our iLounge team — have experienced in recent weeks, with spam being sent via iCloud calendar invitations. Spammers have been exploiting the fact that iCloud calendar invitations are sent via a dedicated iCloud communications channel that, unlike email, doesn’t presently include any anti-spam filters. In a statement tweeted by Rene Ritchie, Apple apologized, noting that some users are experiencing the problem. The company is working to address it by identifying and blocking the culprits, and working to filter the invites themselves.
Apple’s statement on iCloud calendar spam. They’re sorry and they’re working on it. pic.twitter.com/oaSHSywVxG— Rene Ritchie (@reneritchie) November 30, 2016
In the meantime, users can work around this problem by logging into their web-based iCloud account online at iCloud.com, going to the Advanced tab in Calendar preferences, and opting to receive event invitations as email messages rather than in-app notifications, where email-based anti-spam filters will likely have better success at catching the bogus calendar invites.
Apple is working on bringing together its various Cloud Services teams into a single campus to improve product development, Bloomberg reports. Although they all come under the oversight of Apple SVP Eddy Cue, teams for services such as Siri, Maps, iCloud, Apple Pay, Apple News, Apple Music, and iTunes generally work in isolation from each other, at various office park locations rented out throughout Cupertino and Sunnyvale, California. With Apple’s new futuristic Apple Campus 2 scheduled to open next year, Cue feels that unifying his Cloud Services teams at the current Apple Campus will improve his organization in terms of improvement development time and product stability, and will continue to build on Apple’s rapidly growing cloud services business.
Responding to the ever-growing size of many users’ photo libraries, Apple has added a new 2TB tier to its iCloud storage service, doubling the previous upper limit. Apple’s website lists worldwide pricing figures for the 2TB option, which costs $20 a month for U.S. users. Last September, Apple reduced the monthly cost of the 1TB option from $20 to $10, cut the price of the 200GB option from $4 to $3, raised the storage space for the $1 a month subscription from 20GB to 50GB, and eliminated the 500GB option all together.
Apple’s efforts to fix certain technical problems with iCloud and iTunes have been hampered by “political infighting” among two engineering teams in the company, The Information reports. One manager has already resigned from Apple, with more departures “expected soon.” Apple reportedly wishes to take the cloud infrastructure used in Siri and bring it to more of its services, some of which are within the realm of the iCloud team — iCloud engineers are said to be concerned about job security as the Siri infrastructure encroaches on their domain. Apple is also working to bring all of its iCloud infrastructure in house. [via 9to5Mac]
Apple has published a Report on Government Information Requests covering how it handled demands for information from law enforcement agencies received during the second half of 2015. The company said the “vast majority” of those requests were for information about lost or stolen devices, about which Apple complied 80 percent of the time within the United States. Totals outside the U.S. fluctuated between 52 and 80 percent.
Apple has issued a public response after the U.S. government dropped its lawsuit demanding the company’s assistance in hacking into a terrorist’s iPhone, with the company saying it will continue to aid law enforcement while also continuing to increase the security of its products. “From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent,” Apple said. “As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.”
Apple has been migrating more of its cloud computing to Google, but a new report from The Information claims the company is aiming to create its own extensive set of data centers and servers to bring all of its cloud services in-house. Last week CRN reported Apple has quietly been moving much of its cloud computing to the Google Cloud Platform and away from Amazon Web Services, whose infrastructure it uses to run online services like iCloud. Anonymous sources said Apple is now spending between $400 million and $600 million on Google’s services after becoming dissatisfied with AWS being unable to quickly load photos and videos on users’ iOS devices.
Alongside redoubled efforts to strengthen iOS security, Apple is trying to make iCloud encryption so tough that the company won’t be able hand over information to law enforcement, but has concerns that such strong encryption could be a detriment to users who forget their passcodes, The Wall Street Journal reports. Apple’s current iCloud backups are encrypted, but not tied to a user’s unique passcode, so authorities can access content users back up this way with relative ease. Over the years Apple has provided police with information tied to a variety of court cases, but after FBI demands that Apple build a way to crack a terrorist’s iPhone, the company is faced with the possibility that it could be asked to hack into its own security systems. Tim Cook has reportedly told colleagues that he continues to stand by Apple’s goals to encrypt everything stored on Apple devices and online services, including iCloud. So in response to FBI pressure, Apple wants to re-engineer the iCloud backups with encryption based on each user’s passcode, making the company unable to decrypt the data without the proper passcode. That would take the keys out of Apple’s hands when the government comes asking for information, but it would also leave users who forget their passcode without a viable option for retrieving their personal data, leaving Apple in something of a quandary over how far it’s willing to inconvenience users in order to make its products more secure. [via 9to5Mac]
Recent comments from Apple’s main partner in content delivery hint at the company ramping up its in-house capability to provide faster downloads and streaming speeds to users, Business Insider reports. During an earnings call, Akamai CEO Tom Leighton forecasted a serious drop in revenue from one of the company’s “largest customers” — assumed to be Apple — resulting from “their increased do-it-yourself, or DIY efforts.” Apple is investing heavily in its own custom-designed data centers, and streaming services analysts have tracked OS X downloads now coming directly from Apple as opposed to their usual delivery through Akamai. Tim Cook has put a renewed emphasis on Apple’s commitment to online services like iCloud, but the improved in-house content delivery network would also bolster Apple’s rumored plans to offer streaming TV service, allowing the company more control over the streaming quality and lag that end-users would experience.
The Russian government is considering a bill that would increase taxes on a dozen categories of digital products and services offered by foreign companies like Apple, including ads, games, movies, marketplace transactions and cloud computing, Bloomberg reports. In a recent interview described as “peppered with expletives,” Russian Internet Czar German Klimenko said he is pushing to raise the taxes to level the playing field for Russian competitors, following the lead of other European countries. “When you buy an app from Google Play or the App Store anywhere in Europe, VAT is charged at the place of payment, but not here in our banana republic,” Klimenko said. The new bill proposes an 18 percent value-added tax on an estimated $3.9 billion in profits earned on digital media and services by Apple, Google and other foreign technology companies. Klimenko also railed against Apple’s compliance with U.S. sanctions on Russia after the country annexed Crimea, calling that decision “the point of no return.” Apple declined to comment on the proposed tax increase.
After reports of multiple users being able to go over the old limit of 25,000 songs in their iTunes Match or iCloud Music Libraries, Eddy Cue confirmed Apple has “started rolling out support for 100k libraries,” MacRumors reports. When Apple Music launched in June, Cue promised Apple was working on raising the limit to accommodate larger libraries. Several users have documented pushing past the 25,000 song mark, but Apple still hasn’t updated its support page or made a public announcement, so it’s unclear how many users have access to the extra capacity and when the rollout will be complete.
Apple has announced new pricing tiers for its iCloud Storage Plans, more closely matching the prices offered by competing services such as Google Drive, Dropbox, and Microsoft. Effective today, users can purchase 50GB of iCloud storage for $1/month (users previously only received 20GB for that price), 200GB for $3/month (down from $4/month), or 1TB for $10/month (down from $20/month). Users still get 5GB of storage for free, while the prior 500GB plan which was priced at $10/month has now disappeared rather than being similarly discounted.
BREAKING: Apple says it has not discussed & is not planning MVNO cellular service following reports saying it was planning on doing that.— CNBC Now (@CNBCnow) August 4, 2015
According to a CNBC tweet, Apple has denied reports that it is in talks to launch a mobile virtual network operator service. The denial comes one day after Business Insider published a story claiming Apple was interested in leasing space from existing cellular carriers to provide its own service in which to offer data, calls and texts directly to iPhone users. As of this writing, Business Insider’s original story still ends with the line, “We reached out to Apple for comment on this story and will update if we hear back.”
Apple is testing a service that uses Siri to answer missed calls and transcribe voicemail messages, Business Insider reports. The iCloud service would then deliver voicemails in text form, preventing users from having to listen to their voicemail. Since it can be quicker to leave a voicemail than send a text, but quicker to read a text than access a voicemail, the rumored solution aims to bridge that gap and simplify the interaction from both sides. The iCloud Voicemail service is also able to relay information about where the phone’s owner is and why they’re unable to take the call. Apple employees are testing the service now with the hopes of rolling out the new feature some time in 2016, presumably in iOS 10. Apple has beefed up Siri substantially in recent months, adding commands to control HomeKit-enabled devices and providing more contextually relevant search results in iOS 9.