You might not worry much about the problems of Movie Stars whose photos were “exposed” through the Internet. It is headline news mainly because it happened to someone famous. But the naked truth about the Cloud is that it could happen to anyone. The security and privacy of your information can put you in a risky position unless you arm yourself with an IT ally, trusted resources, and some Cloud basics.
The Apple iCloud was attacked using a “Brute Force” method. This well-known technique essentially tries a series of passwords on a user’s account. The Cloud is a euphemism for servers that are owned and operated outside of your control. Typically they are server farms that have hundreds, if not thousands, of servers located in geo-diverse locations around the country, or the world. The Cloud provides services and stability that are beyond the reach of what a typical business could do on its own. The Cloud is a good thing, but it brings with it some concerns as well.
That brings us back to the Apple iCloud. The Brute Force method discussed in this case is based upon lists of common passwords that hackers use to increase their odds of “guessing” your password. Most secure sites recognize this method, and will lock your account after multiple bad login attempts. Apple did not have the multiple login protection enabled on one of its sites: “Find My iPhone.” There was a hacking tool created that, used in conjunction with the target’s email address, would break the user’s security. Once broken, the hacker had access to restore all of the target’s data from their iPhone to their PC. That data includes Video, Pictures, Calendar, and Contacts. With the newly stolen data, the hacker now has more email addresses to use to repeat the hacking process. Apple has reportedly closed the security loophole, but puts the problem squarely on the users for having weak passwords.
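The multiple-bad-login protection described above, as an added example (not Apple’s code and not part of the original article): a failed-login counter kept per account and shared by every login endpoint, so guesses sent to a secondary endpoint count toward the same limit. The thresholds, the class and function names, the endpoint paths and the sample attempts are assumptions constructed for illustration.

```python
import time


class LoginGuard:
    """Per-account failed-login lockout shared by every login endpoint."""

    def __init__(self, max_failures=5, window=900, lockout=1800):
        self.max_failures = max_failures   # bad attempts allowed inside the window
        self.window = window               # seconds over which failures are counted
        self.lockout = lockout             # seconds the account stays locked
        self.failures = {}                 # account -> timestamps of recent failures
        self.locked_until = {}             # account -> time the lock expires

    def attempt(self, account, password_ok, now=None):
        """Record one login attempt; returns 'ok', 'denied' or 'locked'."""
        now = time.time() if now is None else now
        account = account.strip().lower()  # one counter per account, however it is typed
        if self.locked_until.get(account, 0) > now:
            return "locked"                # rejected even if the password is right
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        recent = [t for t in self.failures.get(account, []) if now - t < self.window]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            return "locked"
        return "denied"


def replay(guard, attempts):
    """Feed (time, endpoint, account, password_ok) tuples through one shared guard."""
    return [guard.attempt(acct, ok, now=t) for t, _endpoint, acct, ok in attempts]


# Constructed sample: six bad guesses spread over two endpoints, then the right password.
SAMPLE = [
    (0, "/login", "user@example.com", False),
    (1, "/device-locator", "user@example.com", False),
    (2, "/device-locator", "User@Example.com", False),
    (3, "/login", "user@example.com", False),
    (4, "/device-locator", "user@example.com", False),
    (5, "/device-locator", "user@example.com", False),
    (6, "/login", "user@example.com", True),
]

if __name__ == "__main__":
    for row, result in zip(SAMPLE, replay(LoginGuard(), SAMPLE)):
        print(row[1], row[2], "->", result)
```

Because the counter is keyed by account rather than by endpoint, the fifth bad guess locks the account no matter which page received it, and the correct password at the end is still refused until the lock expires.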
What can you do? There are several ways to increase your security. Two of the easiest are two-factor authentication and complex passwords. Two-factor authentication utilizes two separate methods of verifying your login. For example, when you log in to your bank’s website, it sends you a text to verify your identity with a code. You enter that code on the website login page, and you have been authenticated. Complex passwords have the following recommendations: Every site’s password should be unique. Passwords should have a minimum length of 8 characters, containing a combination of upper case and lower case letters, numbers, and special characters (@#&^*$…). One trick for using complex passwords is to use a sentence rather than a word (e.g.: This is 1 complex password!). Every character that is added to your password increases its security exponentially, changing the hack time from hours, to days, to weeks, to years, and beyond.
Hackers will be around as long as there is money to be made from stealing your data from the cloud. By utilizing security best practices you can lower your risk of being “Hacked.” Be smart with security, and don’t expose yourself to internet hackers!
Check out this video of Kevin Greene from IT 4 the Planet as he talks about iCloud: