After Celebrity Photo Hack, How Safe Is the Cloud?
A trove of celebrity nude images — purportedly of some major celebrities — spread across the web Sunday evening. Although the veracity of many of the images in question is unclear, a number of celebrities have confirmed that they are the victims of this violation of privacy.
Hacking into cell phones or online accounts to access nude or personal photographs from celebrities is hardly new (remember when Paris Hilton’s Sidekick was hacked?), but what makes this incident potentially more disturbing are the rumors that this cache of images is associated with a broader attack on iCloud and its Photo Stream feature.
To be clear, it is not confirmed that iCloud was involved in this incident. We’ve reached out to Apple for comment and will update if we get any statement from the company. It’s also important to note that even if iCloud accounts were compromised, that doesn’t necessarily signify a larger, systemic breach.
Still, knowing how many people use iCloud, we wanted to address how safe iCloud and other cloud systems, such as Dropbox, Google Drive and OneDrive, are.
An overview of iCloud security
On its website, Apple has an entire overview of the security measures in place to protect data on iCloud.
iCloud data is encrypted both on the server and in transit (that is, when it is sent from your device to the server). For photos, Apple says that there is a minimum level of 128-bit AES encryption.
On official Apple apps, Apple uses secure tokens to authenticate an account. This means that your username and password aren’t stored within the apps themselves. For third-party apps that might access iCloud, Apple sends the username and password over SSL.
This means that as long as your password is unique and secure, it should be very difficult for someone to intercept your data as it is sent from your phone or computer to Apple’s servers.
How strong is your password?
The real question is less about how good iCloud security is and more about how strong (and how unique) a user’s password is.
Apple requires users to have a password with at least 8 characters, a number, an uppercase letter and a lowercase letter. I know that in the past, however, if you had a password that did not fit those rules, Apple wouldn’t force you to create a new password unless you were signing up for two-factor authentication.
Moreover, the real problem that most users run into isn’t that their password isn’t strong enough; it’s that it isn’t unique.
Look, it’s tough to keep track of the hundreds of different passwords we create for our various accounts. Thus, it usually becomes easier to just reuse the same password over and over again.
This is problematic because if a site that you use frequently is hacked and you use that email/password combination for other accounts, all of those accounts are at risk, too.
This means that even if your password was created to be “strong,” it’s useless if you use it (and the same email or username) at multiple places. Hackers have access to large databases of compromised usernames and passwords.
This is why we always encourage users to change their passwords anytime that password is used in more than one place with the same login name. This is especially true if an account is important or is linked to another account (such as Facebook, Gmail or Twitter).
Although passwords can be problematic (because people reuse them), even that risk can be mitigated through the use of two-factor authentication. Two-factor authentication means that before you can access an account, you must log in with both a password and a unique device code (usually sent via SMS or from an authenticator key).
Apple offers its own support of two-factor authentication for iTunes and iCloud accounts. If enabled, this means that before a new computer or device can gain access to your iCloud data, you must approve that device with a four-digit authentication code (sent to your phone via SMS) or grant access from another enabled machine. A pop-up also appears on all of your devices letting you know that another computer now has access to your iCloud or Apple ID data.
Although it’s great that Apple offers two-factor authentication, we should note that the setup process with Apple’s two-factor system is not as easy as setting up two-factor authentication with Google or Dropbox. Apple’s system does not work with third-party authenticators such as YubiKey or Google’s own Google Authenticator protocol for generating unique four-digit codes.
The setup process for two-factor authentication is such that we suspect the vast majority of users do not have it enabled on their accounts. This means that for most accounts, access to iCloud and assorted data could be obtained by simply gaining access to the iCloud password.
Social engineering: the real threat
Apple’s built-in security systems are quite robust. The option for two-factor authentication is yet another way for users to double down on their security.
The real vector for most security attacks, however, isn’t necessarily security bugs built into the systems themselves, but an area much harder to protect against: people.
In 2012, Wired reporter Mat Honan was the victim of an extensive hack that left his digital life in shambles.
The hacker didn’t gain access to Honan’s accounts by cracking his passwords. Instead, he was able to use public information, unsettling security practices by tech support and good old-fashioned social engineering to ultimately gain access to his Gmail and iCloud accounts.
Two years later, companies such as Apple and Amazon (who both inadvertently aided the criminal in accessing Honan’s accounts) have changed their support policies. But unless two-factor authentication is turned on, social engineering and getting the right (well, wrong) tech support agent could offer up access to the wrong person (or allow a criminal to get important information useful in getting into an account by successfully answering secret questions).
Accessing content from local devices
If you sync your computer with iCloud or iPhoto, the files sent to iCloud and those stored on iCloud are encrypted and secure. The files on your device itself, however, might be another story.
As an example, if your iPhone or iPad does not have a passcode on it (and does not have the option that requires the user to approve access to USB every time it is plugged into a new machine), someone could plug your device into a computer and use iTunes or other third-party programs to copy every file from your phone. Some of those files may be encrypted, but files such as photos and videos are not.
With iOS 7 on the iPhone 4S or iPad 2 and higher, if a locked phone is connected to a computer, even if the entire file system is copied over, the contents of that system are still encrypted as long as you have a passcode on your phone.
Likewise, although Apple offers great encryption built into OS X, it’s not enabled by default. That means that if someone gains physical access to your laptop or desktop and can get into your user account (assuming you have a password set), that person can access your files.
This has nothing to do with iCloud per se, but your local data can often be intercepted more easily than data on the cloud.
So can you trust iCloud?
Until we see any evidence that indicates that a broader iCloud breach occurred (or even get confirmation that iCloud was involved in these incidents), we have no reason to believe that iCloud is unsafe.
The much more important question that users should ask themselves, no matter which service they use (iCloud, Google, OneDrive or Dropbox), is whether they can trust themselves. That means:
Using secure, unique passwords on their accounts and devices
Using two-factor authentication when available
Enabling locks and passwords on computers and phone accounts
Running the latest version of an operating system
Those steps alone won’t ensure that your data will always be safe, but they will go a long way toward limiting how attackers can access your accounts.