Making the Cloud Safe for Consumers: Time for Apple To Step Up [Updated]

by Steve Wildstrom   |   August 8th, 2012

This has been the Year of the Cloud. Apple, Microsoft, and Google, the three companies that matter most to consumers, have all been rushing headlong to establish personal clouds that will link consumers’ data across multiple devices, making it available anywhere, any time. What could possibly go wrong?

We learned the answer in dramatic fashion this week when a hacker, apparently just out for kicks, wreaked havoc on the digital life of journalist Mat Honan, wiping his iPhone, iPad, and MacBook, deleting data from his iCloud and Google Apps accounts, and sending out a stream of ugly tweets from the account of his former employer, Gizmodo. Honan’s Wired account of just what happened and how is long but well worth reading.

A watershed event. It’s rare that a single incident marks a true tech watershed, but this may well be one. The personal cloud is definitely looking like the Next Big Thing. But the problems raised for cloud purveyors including Microsoft, Google, and above all, Apple are not just issues of public relations or marketing. They are going to have to make some real changes to assure safety.

Apple bears the biggest initial burden because of the ease with which the still unidentified attacker winkled Honan’s password out of Apple technical support and the company’s utterly incompetent handling of the issue once Honan discovered his problem. (Amazon played a relatively small but critical role in the attack, which relied entirely on social engineering rather than a technical assault. Wired Gadget Lab reports that Amazon has quietly plugged the hole.) But Apple, as is its wont, has remained stonily silent on the matter. According to Gadget Lab, Apple appears to have shut down telephone iTunes password resets, the crucial point of attack against Honan, but the company has announced no policy changes.

UPDATE: Apple spokesperson Natalie Kerris confirms that the company has stopped providing password resets over the phone. It plans to resume the service at some unspecified point in the future, but when it does so, users will be required to provide stronger authentication.

By his own admission, Honan made several serious mistakes in this episode, the most serious being the way he linked his Apple iTunes, iCloud, and Google accounts. That allowed a successful attack on one to be used against all. But if a savvy and experienced tech journalist couldn’t get this right, how much greater is the risk for the average consumer? Apple all but forces you to use the same username and password for iTunes and iCloud; the password you use to secure 99¢ song purchases can open the way to someone wiping out the data on a Mac.

Friction isn’t always bad. Apple’s goal in setting up iCloud was clearly to make transactions of all sorts as frictionless as possible. But friction is by no means always a bad thing, especially when it slows down an attacker. There is nearly always a tradeoff between convenience and security, and it’s clear that the dial is going to have to be turned toward security.

Keeping the focus on iTunes/iCloud, iTunes itself does not require a very high security barrier. Although you have a credit card on file, it’s hard for an attacker to buy very much very quickly. The main change needed is that Apple should greatly speed up the process of sending email purchase notifications. On Amazon these are nearly instantaneous, but I sometimes don’t get iTunes Store or App Store notifications until a day after the transaction. Your best protection is to get immediate notice if someone is making unauthorized use of your accounts.

Changing account settings, especially the email address associated with the account, should require a much higher level of protection, as does access to any iCloud data and the Find My Mac, iPhone, and iPad features. These features are used infrequently, and introducing a little, or better yet, a lot of friction will provide protection with minimal inconvenience. And password recovery procedures need a top-to-bottom reconstruction. For example, an individual who cannot produce acceptable credentials online or on the phone might be required to go to an Apple Store with government-issued ID and a credit card to establish identity. Yes, it is inconvenient; it’s supposed to be. (In Honan’s case, stronger passwords would not have helped in the least since the attacker was able to obtain his password.)

Unintended consequences. Another issue the industry as a whole has to come to grips with is unexpected interactions among different cloud services. This is an old and very difficult problem in security. Amazon’s policy on revealing information on existing credit cards when you entered a new one was mildly dumb. But combined with a totally unrelated Apple policy that let anyone use the last four digits of a credit card number to recover an iTunes password, it became catastrophic. Honan thought linking iCloud to Google was an innocent choice, but it, too, proved to have disastrous consequences.
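The interaction described above can be checked mechanically by listing, for each service, which facts it accepts as proof of identity and which it discloses once satisfied. The following is an added example, not part of the original article; the service models, the `public_profile` placeholder, the `in_person_id` factor and the way the Google link is represented are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str
    accepts: frozenset    # facts that, presented together, pass identity verification
    discloses: frozenset  # facts or access gained once verification passes

def reachable(services, known):
    """Iterate to a fixed point: which services fall, in order, given starting facts."""
    known, unlocked = set(known), []
    progress = True
    while progress:
        progress = False
        for s in services:
            if s.name not in unlocked and s.accepts <= known:
                unlocked.append(s.name)
                known |= s.discloses
                progress = True
    return unlocked

def cross_service_links(services):
    """Facts one service discloses that a different service accepts as proof."""
    return sorted(
        (a.name, fact, b.name)
        for a in services for b in services if a.name != b.name
        for fact in a.discloses & b.accepts
    )

# Constructed model of the policies the article describes. "public_profile" is a
# placeholder for whatever the retailer asked for, which the article does not state.
RETAILER = Service("retailer", frozenset({"public_profile"}), frozenset({"card_last4"}))
APPLE_ID = Service("apple_id", frozenset({"card_last4"}), frozenset({"apple_id_access"}))
# Assumption: the linked Google account is modelled as recoverable via the Apple ID.
GOOGLE = Service("google", frozenset({"apple_id_access"}), frozenset({"google_access"}))
BASELINE = [RETAILER, APPLE_ID, GOOGLE]

# Hardened variant: recovery also needs a factor no other service discloses.
APPLE_ID_STRONG = Service("apple_id", frozenset({"card_last4", "in_person_id"}),
                          frozenset({"apple_id_access"}))
HARDENED = [RETAILER, APPLE_ID_STRONG, GOOGLE]

if __name__ == "__main__":
    print(reachable(BASELINE, {"public_profile"}))   # every account falls
    print(cross_service_links(BASELINE))             # the disclose/accept overlaps
    print(reachable(HARDENED, {"public_profile"}))   # the chain stops at the retailer
```

Each tuple returned by `cross_service_links` is a place where one provider's "harmless" disclosure is another provider's proof of identity, which is the review question neither company could answer by looking at its own policy alone.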

The personal cloud is far too valuable to put it at risk through stupid security practices like those that clobbered Honan. It’s time for the services to take the lead and fix the problems in a public and transparent way. (I’m looking at you, Apple.)

Final bit of advice to users: Honan says his biggest regret in this episode was the loss of photos of his child’s first year. As useful as the cloud is, it is no substitute for a secure local backup or backup to a dedicated service. Sync is great, but it is not backup. You should understand how different sync services work. I’m a big fan of SugarSync, which not only stores data in the cloud but, for important files, creates up-to-date local copies of files on multiple PCs. For important data, a belt, and suspenders, and maybe a second belt isn’t too much.

 

Steve Wildstrom

Steve Wildstrom is a veteran technology reporter, writer, and analyst based in the Washington, D.C. area. He created and wrote BusinessWeek’s Technology & You column for 15 years. Since leaving BusinessWeek in the fall of 2009, he has written his own blog, Wildstrom on Tech, and has contributed to corporate blogs, including those of Cisco and AMD. He also consults for major technology companies.
  • Rich

    What is shocking to me is that Honan says he never did any local backup of his files. I’m not even using the cloud and I have an external hard drive to back up my computer. For a technically aware person to store their really valuable material in the cloud and have no local copies of it…I don’t want to say the guy was dumb, but he’s learned a painful lesson that he could have easily avoided.

    • steve_wildstrom

      He says himself that he was dumb. The failure to do a local backup is especially surprising with a Mac, since Time Machine makes it so easy. I have my iPad and iPhone synced to iCloud, but I also do local backups from time to time.

  • steve_webb

    The key word in this article is “Gizmodo”. I’ll bet tech support at Apple was thinking, “Karma is even better than getting even.”

  • no

    This is a case of identity theft.
    every day people’s identity is stolen
    and their credit ruined by thousands
    which is perpetuated by Banks and Credit Card companies.
    yet this story is not even level to what poor people
    have been going thru in this country.
    Totally ridiculous. guy is in contact with the hacker.
    yet he won’t contact police but write a blog story.

  • http://www.iexcella.com/ iOS Developers

    iCloud is not unique on this risk.

    Most devices with Microsoft Exchange/ActiveSync obey a remote request
    to wipe their data and it’s possible to do it from Outlook (even the
    Web version of it)
    Likewise, Android devices with the Google Apps profile and syncing to
    Google can also be remotely wiped from the users’ Google Apps control
    panel

    • steve_wildstrom

      A remote Exchange ActiveSync wipe request has to be initiated from an Exchange server to which access, in any properly configured system, is very limited. A malicious person in a corporate IT department can wreak all sorts of havoc, but that has always been true.