Flaws of a single ecosystem

The post is triggered by the recent leak of celebrity nude photos. Apple has claimed that the iCloud ecosystem is secure and the leak was the result of targeted attempts. Nevertheless, they eventually decided to tighten the security of the ecosystem. This is not an isolated incident as I clearly recall a previous incident involving social engineering to trigger a password reset. The hacker then went on to use the "Find my iDevice" feature to systematically erase the victim's iPhone, iPad, iMac, completely cutting him off the internet.

Having all of your devices and data stored on a single ecosystem is very risky. The provider might have implemented multiple security features including 2FA but at the end of the day, the weakest link is still the user, who can be social engineered into revealing whatever privileged information required. Financial advisors have long been preaching the message of not "putting all your eggs into one basket" but the idea has not really caught on in consumer IT.

One of the biggest benefits of a single ecosystem is the syncing of data across devices seamlessly without any user intervention. However, this gives rise to yet another problem. Most users have no idea how much information is being synced and where it is stored since it is all done automatically. For example, Mary Winstead claims that the leaked photos were deleted a long time ago. Few people knew that Apple kept 3 backup images just in case the most recent backup image is corrupted. Backing up your data manually might require a bit of technical knowledge but it gives you much more assurance about the security of your data.

Lastly, there is an inherent risk with storing data on the cloud. Data loss might occur due to mistakes made by employees or the company itself might even cease to exist. I do use the cloud to store my data but my mantra is "Store only what you can afford to lose". I always keep my most private data off the cloud and on my own HDD.

Edit: It has happened. Files were lost due to a bug in Dropbox's selective sync feature.



Tags: Security

Similar Articles

Rules of Engagement in Cyberspace - Rules of engagement is a concept familiar to most military personnels worldwide. The basic premise of having rules of engagement is to ensure an appropriate level of response or reaction to a ...
Biometrics and Passwords - Many people have the misconception that biometrics such as fingerprint readers are more secure than passwords. It probably stems from Hollywood spy movies showing Top Secret facilities protected ...
The Golden Key - TSA Locks and Encryption - Earlier this year, TSA master keys were leaked and ordinary folks were supposedly able to 3D print these keys and open any luggage with a TSA lock. Despite the huge uproar, I personally feel that ...
Negative space - Sometimes, the lack of information is valuable information. The Washington Post reports that according to unnamed current and former US officials, the CIA pulled "a number of officers" from the ...