Making the Cloud Safe for Consumers: Time for Apple To Step Up [Updated]

This has been the Year of the Cloud. Apple, Microsoft, and Google, the three companies that matter most to consumers, have all been rushing headlong to establish personal clouds that will link consumers’ data across multiple devices, making it available anywhere, any time. What could possibly go wrong?

We learned the answer in dramatic fashion this week when a hacker, apparently just out for kicks, wreaked havoc on the digital life of journalist Mat Honan, wiping his iPhone, iPad, and MacBook, deleting data from his iCloud and Google Apps accounts, and sending out a stream of ugly tweets from the account of his former employer, Gizmodo. Honan’s Wired account of just what happened and how is long but well worth reading.

A watershed event. It’s rare that a single incident marks a true tech watershed, but this may well be one. The personal cloud is definitely looking like the Next Big Thing. But the problems raised for cloud purveyors including Microsoft, Google, and above all, Apple are not just issues of public relations or marketing. They are going to have to make some real changes to assure safety.

Apple bears the biggest initial burden because of the ease with which the still unidentified attacker winkled Honan’s password out of Apple technical support and the company’s utterly incompetent handling of the issue once Honan discovered his problem. (Amazon played a relatively small but critical role in the attack, which relied entirely on social engineering rather than a technical assault. Wired Gadget Lab reports that Amazon has quietly plugged the hole.) But Apple, as is its wont, has remained stonily silent on the matter. According to Gadget Lab, Apple appears to have shut down telephone iTunes password resets, the crucial point of attack against Honan, but the company has announced no policy changes.

UPDATE: Apple spokesperson Natalie Kerris confirms that the company has stopped providing password resets over the phone. It plans to resume the service at some unspecified point in the future, but when it does so, users will be required to provide stronger authentication.

By his own admission, Honan made several serious mistakes in this episode, the most serious being the way he linked his Apple iTunes, iCloud, and Google accounts. That allowed a successful attack on one to be used against all. But if a savvy and experienced tech journalist couldn’t get this right, how much greater is the risk for the average consumer? Apple all but forces you to use the same username and password for iTunes and iCloud; the password you use to secure 99¢ song purchases can open the way to someone wiping out the data on a Mac.

Friction isn’t always bad. Apple’s goal in setting up iCloud was clearly to make transactions of all sorts as frictionless as possible. But friction is by no means always a bad thing, especially when it slows down an attacker. There is nearly always a tradeoff between convenience and security, and it’s clear that the dial is going to have to be turned toward security.

Keeping the focus on iTunes/iCloud, iTunes itself does not require a very high security barrier. Although you have a credit card on file, it’s hard for an attacker to buy very much very quickly. The main change needed is that Apple should greatly speed up the process of sending email purchase notifications. On Amazon these are nearly instantaneous, but I sometimes don’t get iTunes Store or App Store notifications until a day after the transaction. Your best protection is to get immediate notice if someone is making unauthorized use of your accounts.

Changing account settings, especially the email address associated with the account, should require a much higher level of protection, as does access to any iCloud data and the Find My Mac, iPhone, and iPad features. These features are used infrequently, and introducing a little, or better yet, a lot of friction will provide protection with minimal inconvenience. And password recovery procedures need a top-to-bottom reconstruction. For example, an individual who cannot produce acceptable credentials online or on the phone might be required to go to an Apple Store with government-issued ID and a credit card to establish identity. Yes, it is inconvenient; it’s supposed to be. (In Honan’s case, stronger passwords would not have helped in the least since the attacker was able to obtain his password.)

Unintended consequences. Another issue the industry as a whole has to come to grips with is unexpected interactions among different cloud services. This is an old and very difficult problem in security. Amazon’s policy on revealing information on existing credit cards when you entered a new one was mildly dumb. But combined with a totally unrelated Apple policy that let anyone use the last four digits of a credit card number to recover an iTunes password, it became catastrophic. Honan thought linking iCloud to Google was an innocent choice, but it, too, proved to have disastrous consequences.
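The interaction described above can be checked for mechanically in a design review. The following is an added example, not part of the original article: it audits a constructed model of linked accounts (the account names, fact names, and policies are placeholders, not any vendor's real rules) for recovery factors that another service exposes, and computes how far a single compromise spreads.

```python
# Constructed model (assumption, not any vendor's real policy): each account
# lists the facts it requires for recovery and the facts it exposes to
# whoever controls it. Account and fact names are placeholders.
ACCOUNTS = {
    "retailer":     {"recovery": {"retailer_password"}, "exposes": {"card_last4"}},
    "media_store":  {"recovery": {"card_last4"},        "exposes": {"cloud_mailbox"}},
    "webmail":      {"recovery": {"cloud_mailbox"},     "exposes": {"webmail_inbox"}},
    "photo_backup": {"recovery": {"hardware_token"},    "exposes": set()},
}


def weak_recovery_factors(accounts):
    """Return (account, factor, exposer) for every recovery factor that a
    different account exposes, i.e. a secret that is not really secret."""
    findings = []
    for name, acct in accounts.items():
        for factor in acct["recovery"]:
            for other, other_acct in accounts.items():
                if other != name and factor in other_acct["exposes"]:
                    findings.append((name, factor, other))
    return sorted(findings)


def blast_radius(accounts, compromised):
    """Return every account that falls once `compromised` is controlled,
    following exposed facts through recovery procedures transitively."""
    taken = {compromised}
    known = set(accounts[compromised]["exposes"])
    changed = True
    while changed:
        changed = False
        for name, acct in accounts.items():
            needs = acct["recovery"]
            # An empty recovery set is treated as "no recovery path".
            if name not in taken and needs and needs <= known:
                taken.add(name)
                known |= acct["exposes"]
                changed = True
    return taken


if __name__ == "__main__":
    for account, factor, exposer in weak_recovery_factors(ACCOUNTS):
        print(f"{account}: recovery factor '{factor}' is exposed by {exposer}")
    for name in ACCOUNTS:
        print(f"{name} compromised -> {sorted(blast_radius(ACCOUNTS, name))}")
```

Each policy in the model looks tolerable in isolation; the findings only appear when the accounts are evaluated together, which is the point of the paragraph above.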

The personal cloud is far too valuable to put it at risk through stupid security practices like those that clobbered Honan. It’s time for the services to take the lead and fix the problems in a public and transparent way (I’m looking at you, Apple.)

Final bit of advice to users: Honan says his biggest regret in this episode was the loss of photos of his child’s first year. As useful as the cloud is, it is no substitute for a secure local backup or backup to a dedicated service. Sync is great, but it is not backup. You should understand how different sync services work. I’m a big fan of SugarSync, which not only stores data in the cloud but, for important files, creates up-to-date local copies of files on multiple PCs. For important data, a belt, and suspenders, and maybe a second belt isn’t too much.