Jaap Haagmans The all-round IT guy


Afraid of the cloud? No, you’re not.

I'm sensing this is becoming a very hot topic again, especially since the "celebrity nude leak scandal" that has unfolded yesterday. Which is why I'd like to take this time to advocate the cloud, or better said, tell you why it isn't really "the cloud" that's at fault here.

I'm not going to explicitly define the cloud here, because if you read this, you should already know what the cloud is. If you don't, check this Wikipedia article. This definition is quite broad and it allows for iCloud to be called a cloud service.

If the problem is indeed with a security issue with iCloud (which hasn't been confirmed yet), even most of us cloud-geeks will probably say that something like this was bound to happen. Everyone's been putting their images on the cloud, without giving it any real thought. Apple is a company that focuses on usability and -not- on security. It's their main selling point, but it's also a weakness. And way too big a weakness for me.

Luckily, it doesn't seem to be a situation where there was just a big heap of data, easily unlocked with just one master key. It appears to be a flaw in the login method for the Find Your Phone app that Apple provides, which allowed for brute force attacks (although this is still unconfirmed). This means that if you're not a celebrity, you probably haven't been leaked.

iCloud in fact does encrypt your data and the key to decrypting it is your email/password combination. But that also means that anyone who knows, can guess or brute force your password can access your iCloud storage. It even seems that Apple archives deleted images, meaning they can be retrieved even after they're deleted from your phone.

This is not a problem of the cloud as a whole though. Huge data storage can be protected with proper encryption methods. You can protect your account with two-factor authentication, but it's not something Apple actively encourages. Which is a shame, because it's exactly what could have saved all these celebrities from having their pictures leaked. They were probably not even aware that there was a risk involved and that they could have prevented it themselves.

Google does that better, although I feel they should also take note. The added security for Google accounts can be complicated for some and might not be as airtight as possible. I'll get back to that in another article.

We're leaving the cloud!

No, you're not. The cloud is everywhere now, leaving "the cloud" will mean shutting off your internet connection. However, you might want to think about what you're doing with all these services. For instance, have you been sending sensitive information to someone using Whatsapp? Whatsapp has been known for its security flaws (especially when used over Wifi) and no one really knows what Facebook does with your messages. And do you really need iCloud? iCloud is in fact a horribly broken concept for anyone who just wants to backup important data.

When you're done reading this, enable two-factor authentication on your Gmail account and, if you're using it, on your Apple account and you've probably become a lot safer instantly, but also think about what you're doing on "the cloud". Because even though most cloud services are protected better than you can imagine (and some aren't, which is really worth noting), every system is vulnerable at some point in time.

Comments (0) Trackbacks (0)

No comments yet.

Leave a comment

No trackbacks yet.