Friday, September 05, 2014

Hacking the Cloud

So you might have heard that a number of celebrities had their personal (meaning: naked) photos stolen recently, through their accounts with Apple's iCloud system. Various low-information talking heads have made a lot of noise about this for close to a week now, blaming "the cloud" and mostly neither increasing their own nor anyone else's level of information.

David Linthicum, of InfoWorld's "Cloud Computing" column, thinks the cloud is getting a bad rap throughout all this furor -- and it is, certainly -- but he also engages in the disingenuous "all systems can be hacked" argument to handwave it all away.

Yes, there have been other data breaches that are more serious than this one. And, yes, this was at most a failure of user security rather than a direct failure by the cloud provider -- Apple could have provided two-factor authentication, but most people hate that, and don't tolerate it for anything less serious than financial matters. (Though there may now be a market opening for a nude-selfie cloud provider with upgraded security -- especially if they throw in the ability to add and delete authorized viewers for specific pictures on the fly and have a Snapchat-esque purging system that actually works.)

But this breach was enabled entirely by the nature of the iCloud system. Whoever the hacker (or hackers) was, they used a publicly accessible distributed system (aka a "cloud") and were able to guess IDs and passwords for a number of famous people whose lives are well-documented. If those celebrities' photos were not automatically uploaded to a cloud storage system -- if they only lived on those individuals' phones and any computers they used to sync with those phones -- such a theft would not be possible. Absent iCloud, the only way to get these photos is to obtain the phones (or personal computers) themselves, and that's not scalable the way "hacking" the passwords of Jennifer Lawrence and her ilk is.
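What makes the guessing scalable is that the login endpoint answers anyone on the Internet, one attempt after another. The usual counter on the provider's side is to count failures per account and per source address and refuse further attempts once a threshold is crossed. The following is an added example, not code from this post and unrelated to how Apple's systems actually worked: a sliding-window failure counter run over constructed auth log lines. The line format (`timestamp user source result`), the sample addresses and the thresholds are all assumptions chosen for the illustration.

```python
"""Spot online credential guessing in constructed auth log lines.

Added illustration with an assumed log format and assumed thresholds;
nothing here describes any real provider's logging or lockout policy.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one login attempt per line.
# alice is hammered from one address and then "succeeds";
# 198.51.100.7 tries one password each against many accounts;
# heidi just fails twice, hours apart.
SAMPLE_LOG = """\
2014-09-01T09:00:00 heidi 192.0.2.9 FAIL
2014-09-01T10:00:00 alice 203.0.113.5 FAIL
2014-09-01T10:00:02 alice 203.0.113.5 FAIL
2014-09-01T10:00:04 alice 203.0.113.5 FAIL
2014-09-01T10:00:06 alice 203.0.113.5 FAIL
2014-09-01T10:00:08 alice 203.0.113.5 FAIL
2014-09-01T10:00:10 alice 203.0.113.5 OK
2014-09-01T10:05:00 bob 198.51.100.7 FAIL
2014-09-01T10:05:01 carol 198.51.100.7 FAIL
2014-09-01T10:05:02 dave 198.51.100.7 FAIL
2014-09-01T10:05:03 erin 198.51.100.7 FAIL
2014-09-01T10:05:04 frank 198.51.100.7 FAIL
2014-09-01T10:05:05 grace 198.51.100.7 FAIL
2014-09-01T11:30:00 heidi 192.0.2.9 FAIL
2014-09-01T11:30:05 heidi 192.0.2.9 OK
"""


def parse_log(text):
    """Parse 'timestamp user source result' lines into events, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = line.split()
        events.append((datetime.fromisoformat(ts), user, src, result == "OK"))
    events.sort(key=lambda e: e[0])
    return events


def detect_guessing(text, max_failures=5, window=timedelta(minutes=10)):
    """Sliding-window failure counter per account and per source address.

    Returns (flagged, blocked). flagged maps 'user:<name>' or 'src:<ip>' to
    the failure count inside the window once it reached max_failures.
    blocked lists successful logins that a lockout policy with the same
    thresholds would have refused: exactly the logins this post is about.
    """
    recent = defaultdict(deque)  # key -> timestamps of failures still in window
    flagged = {}
    blocked = []

    def prune(key, now):
        """Drop failures older than the window and return the live queue."""
        q = recent[key]
        while q and now - q[0] > window:
            q.popleft()
        return q

    for ts, user, src, success in parse_log(text):
        keys = (f"user:{user}", f"src:{src}")
        if success:
            # A success while either counter is at threshold is the login
            # that lockout (or a second factor) exists to stop.
            if any(len(prune(k, ts)) >= max_failures for k in keys):
                blocked.append((user, src, ts.isoformat()))
            continue
        for k in keys:
            q = prune(k, ts)
            q.append(ts)
            if len(q) >= max_failures:
                flagged[k] = len(q)
    return flagged, blocked


if __name__ == "__main__":
    flagged, blocked = detect_guessing(SAMPLE_LOG)
    for key, count in sorted(flagged.items()):
        print(f"flagged {key}: {count} failures in window")
    for user, src, when in blocked:
        print(f"would have blocked: {user} from {src} at {when}")
```

Counting per source as well as per account is what catches the second pattern in the sample, one address trying a single guess against many accounts, which never trips a per-account threshold on its own. heidi's two failures fall outside the window of each other and are left alone.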

Placing data on a platform that can be accessed from any appropriate device that successfully accomplishes a security handshake makes that data inherently less protected. This is the case for pure cloud systems, as well as the credit-card databases that major retailers keep having trouble with. (I'm not a systems guy, so there's probably a good reason why those retailers don't use locked channels of communication that function purely between their known store locations and their data warehouse. At least, I hope there's a good reason, and it's not a case of "using the Internet was cheaper.")

If your data needs to be locked down because leakage to unauthorized users would be very damaging, perhaps it shouldn't have an IP address at all. That's all I'm saying.

1 comment:

boviate said...

The good reason stores use the internet rather than a locked channel is reliability. Sure, Target could spend the money to send up their own geosynchronous satellite or run their own private fiber optic line from every store to their HQ, although doing so would cost so much money that they would go broke. But even if they did build out their private network, what happens when the satellite goes on the fritz, or a backhoe operator in Texas breaks one of their fiber optic cables? The virtue of the internet is its reliability. Target doesn't have to hire a staff of fiber-optic repair people and fly them to wherever the break is. They pay an internet provider to do all that for them. And as a bonus, when the cable they were using is broken, the internet is designed to route their data through a different pathway without anyone having to do any complex fiddling.
