What We Can Learn About Cloud Storage From The Recent iCloud Leak
Over Labor Day weekend explicit photographs of a number of female celebrities were published online by an unknown Hacker. Originally, the images were posted on 4Chan by the anonymous individual and later re-posted to Reddit.
Of course the publication of such sensitive photos raises a number of issues: what recourse does Jennifer Lawrence, Kate Upton, and the like have against the perpetrator, who is liable for the publication and republication, can Apple be held accountable for the security breach? This article however, will only briefly discuss the issues inherent with cloud computing and online storage.
Eric Griffith, in PC Mag, explains cloud computing as simply storing your programs and data on a decentralized online repository, not your local hard drive. Over the past 5 years cloud providers have sprung up at every turn. Amazon, Apple, Microsoft, Ubuntu, Google all provide their own cloud service allowing an individual to sync their data across a limitless number of interconnected devices. However, there seems to be a lack of discussion about security, particularly in the main stream. “Content everywhere” is the top billed tag line on Apple’s iCloud website but it doesn’t say where exactly “everywhere” is. Necessarily, an individual’s data must be stored on a central, in this case, Apple server and this 3rd party hosting opens an individual’s data to additional vulnerabilities not found on a closed system.
The addition of any extra component in the data transmission chain, especially one as large and unwieldy as a multinational cloud service, presents new challenges. In the case of these stolen celebrity photos the data in question was housed centrally on iCloud and therefore open to targeted attack on user names, passwords and security questions.
This is not to say that there are not significant security protocols in place to safeguard one’s data. These protocols however seem to be mostly in the transmission stage of cloud usage, that is the data is transmitted using secure methods. Once in the cloud there are different standards of encryption, iCloud uses 128-AES a fairly sophisticated encryption method, but still the data is vulnerable to a clever hacker exploiting a little know system vulnerability.
Because the cloud provides still unknown vulnerabilities and a central location for an individual’s personal data it is an ideal target for hackers with malicious intent. Moving forward everyone should be wary about the type of personal information they allow to be stored on the cloud, financial information, family information, and of course photographs. While the sentiment “if you don’t want it leaked don’t take them” is to close to victim blaming, a better piece of advice for celebrities and the general public alike is: be careful what you trust to the cloud.