iCloud Hack: Apple Vulnerability Reveals More Than Security Breach
by Bridget.Giacinto on Oct 9, 2014 8:33:35 AM
Cloud file-sharing services like Apple iCloud have almost become synonymous with cloud backup, but in reality they are not the same thing. Online or cloud file-sharing services were originally designed to make it easier for users to upload, download and share files that were simply too large to email. They have since exploded into a rapidly growing market that allows users to access and share photos, videos and document files on the go from anywhere. But as these services become more mainstream, the question becomes: how secure is our data, and should we be concerned about the safety of our personal files in the cloud? My response is yes, we should be concerned, and the latest iCloud hack only proves this point. At least with backup software you can encrypt your backups and then save them to the cloud (even if they are then synced with a file-sharing service). For information on the difference between cloud backup and file sharing, read our post, What Do You Mean Dropbox / Onedrive / Google Drive isn’t Backup.
Who Was Affected by the iCloud Hack?
The recent iCloud hack should raise some eyebrows, not just because nude celebrity photos were leaked onto the Internet, but also because it goes to show that cloud file-sharing services are not impenetrable, and our files may not be as secure as we previously thought. The security of our data, no matter where it is stored, should be of utmost priority. No one should ever have to go through the utter devastation that celebrities like The Hunger Games star Jennifer Lawrence and model Kate Upton (among over 100 others) are now faced with: the reality that their private and very personal photos were leaked onto the Internet at the hands of a group of hackers who broke into their iCloud accounts. If Apple’s iCloud service can be hacked, so can others. No file-sharing service on its own is 100% secure.
How Hackers Cracked into Hundreds of iCloud Accounts
While there are several theories as to how this could have happened, the leading theory is that the vulnerability was in Apple iCloud’s “Find My iPhone” app service, which is designed to help users locate lost or stolen iPhones, laptops and iPads. Typically there are security measures in place that lock users out after a password is entered incorrectly three to five times, to prevent so-called brute force attempts to gain access to users’ password data. The flaw in the “Find My iPhone” service resulted from NOT having any type of lockout system in place. This vulnerability gave hackers a means to make an unlimited number of password guesses, which they allegedly did using software on GitHub called iBrute to automate the guessing process. Once these hackers had gained access to users’ Apple ID login credentials, they were able to use that same password to log in to users’ iCloud service and retrieve their personal photos. To make matters worse, these hackers uploaded these nude celebrity photos to a photo sharing site, and they were then spread through social networks. No one, no matter what their celebrity status, should be subject to such a complete and utter invasion of one’s privacy.
In the aftermath of the nude photo scandal, Apple has reportedly fixed this security flaw by placing a five-attempt lockout on Apple ID passwords for the “Find My iPhone” service. Now the question becomes: what can we do to protect ourselves so that we are not vulnerable to the next attack?
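The lockout described above can be sketched as follows. This is an added example, not code from Apple or from this post: the class and function names, the service labels, the 15-minute lock duration and the sample attempts are all assumptions. The point it shows is that the failure counter is keyed by account and shared by every service that accepts the password, so one entry point cannot be left without a limit.

```python
import time

MAX_FAILURES = 5            # the five-attempt limit described above
LOCKOUT_SECONDS = 15 * 60   # assumed duration; the article does not state one

class LoginThrottle:
    """Failed-login counter keyed by account and shared by every service."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}       # account -> consecutive failures
        self._locked_until = {}   # account -> time the lock expires

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self._clock() >= until:    # lock expired: start a fresh allowance
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def record(self, account, success):
        if success:
            self._failures.pop(account, None)
            return
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= MAX_FAILURES:
            self._locked_until[account] = self._clock() + LOCKOUT_SECONDS

def authenticate(throttle, service, account, password, verify):
    """Gate one attempt. `service` is deliberately not part of the counter
    key, so no single entry point can be used to get around the limit."""
    if throttle.is_locked(account):
        return "locked"               # refuse before checking the password
    ok = verify(account, password)
    throttle.record(account, ok)
    return "ok" if ok else "denied"

def demo():
    """Constructed sample: six attempts spread over two hypothetical services."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    verify = lambda account, pw: pw == "correct-horse"   # stand-in verifier
    tries = [("locator", "guess1"), ("storage", "guess2"), ("locator", "guess3"),
             ("locator", "guess4"), ("storage", "guess5"), ("storage", "correct-horse")]
    results = [authenticate(throttle, s, "user@example.com", p, verify) for s, p in tries]
    now[0] += LOCKOUT_SECONDS         # advance the fake clock past the lock
    results.append(authenticate(throttle, "storage", "user@example.com", "correct-horse", verify))
    return results
```

A pure per-account lock also lets anyone lock the legitimate owner out by guessing wrong on purpose, so deployments usually pair it with per-source rate limiting and alerting.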
What We Can Learn From this Vulnerability
This vulnerability, which has become very real for the victims of this attack, should be a wakeup call for all of us. None of us are exempt, and all of us need to take the steps necessary to protect ourselves online. One way we can protect ourselves is to choose stronger passwords that are longer and include a combination of letters, numbers and symbols. Secondly, do not use the same password for multiple online accounts. The last thing you want is to have one vulnerability lead to a complete compromise of your entire virtual landscape.
In an attempt to increase the security of your iCloud account, Apple now offers optional two-factor authentication, which allows users to secure their iPhones and iPads with a second layer of security. Here is more info on how to set this up directly from Apple support. That being said, the verification code that is sent to your phone appears on the lock screen, so anyone who has your phone would be able to access this code without unlocking your phone, which in my opinion defeats the purpose of this added security measure. You can read more about this in an informative blog post called Apple Two-Factor Authentication and iCloud.
Lastly, you may want to consider setting up secure backups of your files and photos using software like NovaBACKUP, and then syncing your backups to the cloud so that the data stored in the cloud is encrypted.