Beware the Predators in the Cloud


By David Abbou - Sep-23-2014

The infamous “Celebgate” a few weeks ago is still all over the mainstream press, mainly as fodder for the likes of TMZ and Entertainment Tonight to gossip about how the likes of Jennifer Lawrence, Kate Upton and Vanessa Hudgens have been exposed in their birthday suits. Apple has responded by extending its two-step verification process to iCloud, which should make it more difficult for hackers to breach accounts and acquire backed-up data – that is, if the user actually activates this measure.

Apple’s security was put through the wringer by the security community for lacking specific security features needed to fend off brute force password guessing attacks on phone backups stored within its iCloud. But it has since responded by also adding a rate limit to how many times a user can guess their password before being granted access to the backup.

But as organizations recognized the value in using technology that complements our behavior in the mobile age, they began accommodating employees by letting them access work resources and information on their personal devices. The Bring-Your-Own-Device (BYOD) revolution had arrived.

However, even if Apple had already implemented these features before, they wouldn’t be enough to prevent these attacks if the user’s passwords and security questions, as is often the case, are weak and predictable. That’s because attackers can exploit such weaknesses and gain entry to your network as an authorized user. From there they can discover more sensitive passwords to your personal accounts and exploit leads from your contact list on who to target next.

This realization quite justifiably lobs the ball back in the consumer’s court. And using more robust passwords is just one of several security steps that users need to be more diligent in applying. If there’s one constructive and very critical lesson users need to take away from Celebgate, it’s that if you want to enjoy playing with your fun and shiny internet-connected toy du jour without handing over the keys to your private details – which could hurt your bank account as much as it can harm your reputation – you need to get with the security program.

In our increasingly cyber world, our cyber toys come with cyber responsibilities that users can’t keep ignoring if they want to avert their own personal disaster.

You don’t need to be an A-list sex symbol to learn this lesson the hard way. Recently a high school teacher in Israel conducted a pilot program by distributing shared tablets amongst her students. Little did she realize that the tablets were synced by default to her smartphone by virtue of her logging into her Gmail… which, you guessed it, contained nude photos of herself. The high schoolers reacted like, well, high schoolers. One student snapped photos of the pics from the tablet and in no time shared them with the class and beyond via WhatsApp. Asked to resign, the teacher has refused and instead is attempting to sue the child. She’s also blaming the school for not informing teachers about the potential security hazards of logging into your own email on shared tablets.

You can’t blame people for feeling for the teacher and her bad luck on one hand, but on the other hand this is a prime example of a self-inflicted privacy violation. And while many of us coast by and click right on by the fine details because we can’t start using our gadgets, apps and widgets fast enough, stories like these should be blinking in our brains like a bright pink neon sign that we’re no longer able to plead ignorance of the security policies so critical to our own protection.

Auto-syncing of files, whether to iCloud, Google Drive or any of the other cloud-based storage services, is an option you can turn on or off via your account from any of your devices.

The vast majority of users are going to remain relatively technologically unsavvy, but that doesn’t mean you have to make yourself easy prey for attackers. There’s only so much spoon-fed protection we can demand from the services we use every day. If you don’t want hackers to mark you with a security tramp stamp, then putting a little bit of effort into your own security will help keep you from being an easy target.