With the recent celebrity photo scandal, the safety and security of our data in the cloud has come into question. Before going any further, it’s worth noting that Apple still hasn’t confirmed that the breach came from iCloud itself, but it is looking like iCloud and Photo Stream are the culprit, and that the accounts in question were accessed individually and not in a large-scale attack.
This being said, the celebrity photo scandal should stand as a warning that even if you’re not sending photos and data via email, text, or other transfer service, your data is still being stored somewhere out in the cloud. While this in of itself is not a bad thing, it is definitely something to keep in mind.
We trust iCloud to save everything from our contacts to our photos to synced password and credit card information so the question is, how safe is iCloud?
Before trying to answer the question of how safe is iCloud, you first need to have a general understanding of how iCloud security works. Everything sent to the iCloud server is fully encrypted while in transit as well as when it sits on the server itself. Apple uses a minimum of 128-bit AES encryption to keep your data safe from a traditional system compromise.
This means it’s nearly impossible for someone to intercept your data while on the way to the server, and basically completely impossible to get it once it is on the server. This is why the recent breach of privacy for the celebrities involved didn’t come from Apple’s iCloud servers being compromised, but instead most likely came from a more easily accessible method.
The compromise most likely came from something known as social engineering. This method of hacking takes advantage of password reset systems and instead of a faceless program trying to guess a password, this method is far more personal and comes from an individual doing manual research.
You’re probably thinking that this type of attack would never happen to you though, as who would want to put that much effort into hacking your data. That’s what Mat Honan thought in 2012 when his Apple products started to act very oddly. First his iPhone started to act funny and looked to be bricked. He went to his iPad and noticed it was the same. From here he went to his MacBook Air to try and restore his oddly broken devices, to see it was locked and being wiped as well. Hackers ended up deleting his Gmail, all his iCloud data (including ALL his photos), and all this so the hacker could gain access and hopefully keep his short twitter handle of @mat.
By researching password reset information and smooth talking tech support, Mat lost his entire digital life.
In this case, hacker could have kept his images if they wanted to, but instead chose to delete them all to cause confusion while he or she took control of his Twitter account. While changes have been made to the services that allowed this to happen, it looks like the same issues are around in 2014 that were present in 2012.
Should You Trust iCloud?
The big question here isn’t if someone can get at your data, because if someone wants it, they’ll probably find a way. The question is however, is your data as safe as possible in iCloud?
With iOS 8 and OS X Yosemite coming out soon and heavily based in iCloud, this is a major concern for any Apple user, not just camera-happy celebrities. Overall, iCloud is as secure as it can be, as long as you treat it with the respect and care that is required. Using 2-factor authorization is important, which you can set up with your Apple account, as well as using unique passwords for every account.
Making your password reset questions something that is blatantly not correct is a big help, too. Instead of actually placing the street you grew up on as a way to protect your account, put in a random street that you circle on a map that you keep in your desk. Nobody will ever know why you circled that one street, but you will and nobody will ever guess it to reset your password.
iCloud seems to be as secure as ever, but the safest way to keep sensitive information secret is to not sync it with iCloud or any other online service at all. If you have “sensitive” pictures you’d like to keep private, turn off Photo Stream and now they won’t be sent to iCloud and will only live on your device. The best form of security starts with you, and as with any other service, iCloud is only as secure as you help it to be.
More From Apple Gazette
How Tim Cook is Changing Apple’s Image for the Better
WWDC 2014: The Good, The Bad, and The Unimpressive