Like all computing environments iCloud has its flaws, but it is regarded as highly secure making it very safe to use.
iCloud is secured with 2-step verification and an Apple ID so secure even Apple claims it can’t hack it.
However, there have been leaks of personal information taken from iCloud that was claimed to be caused by an iCloud hack, but this has proven to be false. The data was actually scammed using social engineering and phishing emails.
The truth is there have been no verified iCloud hacks that exposed user data.
Apple takes security seriously and is constantly on the lookout for vulnerabilities, repairing any they find fast.
Is iCloud secure?
“iCloud secures your information by encrypting it when it’s in transit, storing it in iCloud in an encrypted format and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. No one, not even Apple, can access end-to-end encrypted information.”
Overview of iCloud
iCloud was developed by the technological super-giant Apple to make storing and sharing information (such as notes, photos, and documents) easier. It reduced the need for local storage and made it simple to share data between Apple devices.
iCloud utilizes a set of networks and servers to store your information in massive data centers around the world as opposed to keeping a single copy on your phone or computer.
If your Apple device breaks or is replaced you can restore everything from iCloud quickly and easily. You can also easily share your data, such as photos, between devices, and with other people.
So iCloud is actually just one massive, public hard drive. Yes, it is encrypted and secured but it is still a large data storage system. As such it could still be vulnerable to attack albeit with a small chance of it being successful.
Read more about what iCloud is.
Can iCloud be hacked?
With iCloud, you get the benefit of storing your data securely, but it is being kept in a shared environment so there is some potential danger of it being hacked. It doesn’t mean that anyone can rummage around on iCloud and find your files but with some clever hacking work, it may be possible to gain access to your iCloud account and access to your personal stuff.
You shouldn’t panic – the chances of a successful hack on your iCloud account are almost nonexistent and with some sensible choices, you can minimize the risk to almost zero.
Celebrity photo leak
Like any computing environment, iCloud could be hacked with the right skills and tools. For example, there have been some high-profile hacking attempts that resulted in personal data being stolen from iCloud, such as the iCloud leak of celebrity photos.
In the celebrity leak, e-mails were sent to the victims that looked like they had been sent by Apple, warning them that their accounts might be compromised and asking for their account details. The victims would enter their passwords, and hackers gained access to their accounts. Apple denied that there was an iCloud data breach because the data was taken using a phishing attack not via a hack.
The celebrity photo leak showed that it is possible to gain access to another person’s iCloud account and access the data stored inside. To counter this risk Apple introduced 2-step verification where a passcode is sent to a verified email address or another Apple device linked to the same iCloud account. This ensures that only the iCloud account owner can access their account.
Find My iPhone vulnerability
In 2014 a Python script appeared on GitHub that allowed malicious users to hack iCloud passwords using a vulnerability in the Find My iPhone service.
The script allowed hackers to guess iCloud passwords repeatedly without being locked out or alerting the account owner.
The creator of the script said “this bug is common for all services which have many authentication interfaces” and that with “basic knowledge of sniffing and reversing techniques” it is “trivial” to uncover them.
This vulnerability has since been fixed by Apple.
The iDict tool appeared in 2015 on GitHub and it allowed hackers to perform a password dictionary attack, automatically guessing through a list of 500 commonly used passwords in an attempt to gain access to an iCloud account.
Apple iCloud users that don’t have 2-factor authentication activated on their account and used a common password were at risk from this attack.
Stefano Ortolani, security researcher at online experts Kaspersky Lab said: “In order to make your private data more secure, you should cherry-pick the data you store in the cloud and know, and control when the data is set to automatically leave your device.
“For instance, in iCloud, there is a feature called ‘My Photo Stream’ which uploads new photos to the cloud as soon as the device is connected to Wi-Fi; this is to keep photos synchronized across all your devices. Disabling this option might be a good starting point to be a bit more in control.”
This was another vulnerability that Apple failed to block until it was highlighted by a hacker.
How to keep your iCloud account safe
Here are tips to ensure your iCloud account stays secure:
- Use a strong password
- Change your password regularly
- Use 2-step verification
- Turn off ‘My photo stream’.
Remember that if you have set a passcode, turned on Find My iPhone, and you lose your device the contents are secure. You can track your device and even display a message on the screen of the lost device so you can get it back.
Even if the device is found it can’t be reset and reused because of the activation lock. A device can have the lock eliminated but not without your cooperation – so your iPhone and its data are safe.
1. Create a strong iCloud password
It is easy to become lazy and use an ‘easy-to-guess’ iCloud password that is simple for you to remember. However, you should avoid obvious things such as your kids’ names, your maiden name, or your date of birth. If it’s easy for you to remember then it is easy for a hacker to figure out too.
Do not use words either as they are simple to guess too.
So what should you do to create a secure iCloud password?
I recommend creating a sentence that you will easily remember and taking the first letter from each word. For example:
“Jack and Jill Went Up a Hill To Fetch a Bucket Of Water”
would give you a password of
You can capitalize a random word or 2 as well. So you have UPPER and lower case letters.
If you need to use a symbol you can always put a ! or # on the end to make it even more complex.
I also like to substitute words such as ‘to’ with the number ‘2’ to throw in some numbers to make it even more difficult to guess.
Following my suggestions would give you. a final password of:
Much more difficult to guess than, say ‘Kevin1968’, whilst still be easy to remember.
2. Change your iCloud password regularly
Try to change your iCloud password once a month. This will ensure you are always one step ahead of any potential hackers.
We are all guilty of becoming lazy, but if you are pwned changing your password will ensure the hackers can’t use a password taken from a data breach or a less secure computer system.
You’d be surprised and frightened how often this happens.
3. Use two-step verification to sign in to iCloud
Apple has designed its two-step iCloud verification system to work really easily – especially if you have another Apple device.
It works by designating your second Apple product as a ‘trusted device’. When you login to iCloud it then requests a 6-digit code which appears on the screen of the trusted device. Without the 6 digit code, you can’t login, even if you have the correct username and password.
This is very secure.
To set up Two-Step Verification, you need to log in your Apple ID account and go to “Manage your Apple ID > Password and Security > Two-Step Verification“. Then follow the directions to complete the setup.
4. Turn off ‘My photo stream’
If you are worried about personal photos being exposed then you may want to turn off ‘My photo stream’ on your iPhone so they are not copied to iCloud:
- Go to Settings.
- Tap on your Apple ID account.
- Tap iCloud
- Tap Photos.
- Tap the toggle for My Photo Stream to turn it off.
If you turn off this feature your photos will no longer be automatically copied to iCloud or to your other Apple devices. Also, photos are not saved to iCloud when backed up so you need to do a device backup to your computer instead.
It’s always a good idea to approach technology with caution. Tools like iCloud are still fairly new and this means there may be bugs within the code that can be exploited by ingenious hackers.
As with all software you need to be careful, but not paranoid. Overall, iCloud is highly secure but you should still follow sensible rules when it comes to creating and updating your password.
If you receive an email saying you should reset your iCloud password go direct to the iCloud website and don’t follow any links within the message. Some hackers have been known to create spoof websites that look like iCloud but the site is actually stealing your Apple ID and password.
Also, consider what data you are willing to share on iCloud and turn off sharing for things you would not want to be exposed if there was a hack, such as photos.
Following these simple rules will make sure your iCloud data and account are safe and secure.
If you need more help on setting up, fixing, or using your Apple device browse our library of how-to guides and solutions. It includes background information on iCloud and the activation lock.