As a September 2nd article in Bloomberg points out, Apple Inc. (NASDAQ:AAPL)’s terms of service agreement for iCloud is pretty much legally ironclad, so iPhone and iPad users who have had nude selfies or other private files stored in the cloud hacked and stolen have little recourse. The recent controversy over the posting of nude selfies hacked from a number of celebrities’ iCloud accounts just highlights the buyer beware and corporations can do no wrong mentality that pervades the U.S. today.
Recent iCloud nude selfie hacks
The issue of legal responsibility for cloud storage providers has come to the fore in the last couple of days following a rash of unauthorized nude selfies from a number of celebrities started showing up on website over the Labor Day weekend. Nude and provocative selfies (obviously not designed for public viewing) taken by well-known actresses such as Jennifer Lawrence and Victoria Justice began appearing on various celebrity websites on Friday night, and the social media universe was soon abuzz with discussion over the hack and the responsible parties.
iCloud hacks were simple brute force attacks
The bad news for Apple Inc. (NASDAQ:AAPL) is that the hackers who stole the nude selfies apparently accessed the accounts through an obvious vulnerability in the Find My iPhone feature: a lack of “brute force” protection. Almost all websites today don’t allow a user to enter wrong passwords thousands of times, and the account locks after 3-5 failed tries in most cases. The Find My iPhone feature somehow did not include this basic protection, so passwords could be picked by “brute force” — trying every possible alphanumeric combination.
Apple reports it has now patched the vulnerability and hackers can no longer gain access to accounts via that method.
Apple’s ironclad ToS
Converting the legalese of Apple Inc. (NASDAQ:AAPL)’s Terms of Service into plain English, it boils down to as long as Apple can prove that it took reasonable care to prevent unauthorized access, which is a very minimal bar based on precedent, any iCloud hacks are the user’s “fault” once they have clicked the “Accept” button for the ToS.
Of note, Apple isn’t the only business getting away with ridiculously one-sided terms of service for users of its cloud service. Google Drive and Amazon’s terms of service are quite similar in abdicating all legal responsibility for items stored in their cloud.