Over the weekend, Gizmodo writer Mat Honan witness the unpleasant experience of having his iCloud account hacked, all his devices remote wiped, and his Twitter account flooded with inappropriate posts. This is not the first time cloud data has been exploited, and it is certainly not as damaging as some other large scale attacks. But it does raise new questions (and many old ones) about cloud security.
An Apple iCloud account allows users to keep a good portion of their data in sync across multiple devices: mac, iPad, iPhone, etc. When it works correctly, it makes life a great deal simpler. When someone with malicious intent gains access to it, all of your devices are suddenly in jeopardy. Such was the case with Mat Honan’s account.
At 4:50 PM, someone managed to gain access to his account by pretending to be him and calling Apple’s customer support. By 5 PM, his iPhone had been wiped. By 5:01, they had his iPad, and by 5:05, his MacBook Air was toast. Not long after that, they had his Twitter account and the Gizmodo Twitter account.
What does all of this tell us about cloud security? Is it just a freak occurrence or something that should concern everyone who uses the consumer cloud? The fundamental problem with the cloud is that you are essentially at the mercy of your cloud provider. It could literally be as simple as someone accidentally deleting your email, remotely stored files, or backups.
To further complicate things, there are also no industry-wide standards for cloud security. Some companies may have strict policies for technology and personnel, while others may be quite liberal with security. Unfortunately, many users find out too late.
For some people, incidents like these are enough to convince them to always keep vital information on their computers and avoid services that allow remote access to them. Nevertheless, others believe the cloud can be standardized and even open sourced.
Regardless of the solution, the problem is definitely not going away. As more consumers take off into the cloud, we can expect to hear more about security and privacy, and cloud providers may need to start preparing for that day now now.