Wednesday, 3 September 2014

Is your iCloud data safe?

Following the recent revelations that a number of celebrities have had nude photos of themselves stolen, seemingly from their iCloud accounts, what does this mean for you?

Do you have an iCloud account?

Probably. If you have ever bought music from the iTunes Store, or if you have ever owned an iPhone or iPad, then the chances are very high that you have set up an iCloud account.

What is an iCloud account?

It is storage for your data provided to you, for free, by Apple on the internet (i.e. in the "Cloud"). Ostensibly this allows much easier use of your Apple devices as all stored data can be shared by all of your devices. So, if you have iTunes on one device you can listen to the same music on your other Apple devices. Photos you take on an iPhone can also be viewed on your iPad.

Why is this free?

Clearly the supply and maintenance of iCloud Servers costs Apple quite a lot of money. It could be argued that they are simply giving something back, given the very high price of iPhones and iPads compared to equivalent devices from other manufacturers. But, it could also be useful for Apple to know how and why people use their phones and tablets, for market research purposes.

But I don't need that functionality

Maybe not. But your Apple device may be set to store backups of your data in the iCloud. Useful, of course, if you ever lose your iPhone with all of the precious photos on it.

Nobody wants my photos!

Obviously not, but that won't stop them looking around. You may think there isn't much in your house worth stealing, but you lock the door every time you leave.

How do they get into my account?

Apple's iCloud service is protected by email address, password and the answers to 2 out of 3 security questions. 

Your email address is, of course, public knowledge. 

These hackers seem to have used a "Dictionary" attack on the passwords, whereby software is set up to simply work through every word in the dictionary until it finds a match. (It will also substitute numbers for letters to try common variations such as pa55w0rd5.)
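Why a password like pa55w0rd5 is no safer than the plain word against the attack described above, shown from the defender's side as a password check. This is an added example, not part of the original post; the word list and substitution table are small constructed samples.

```python
# Constructed sample word list; a real check would load a full dictionary
# and a list of commonly used passwords.
WORDLIST = {"password", "passwords", "letmein", "liverpool", "sunshine"}

# Characters commonly swapped in for letters. One character can stand for
# more than one letter ("1" may be "i" or "l"), so each maps to a string
# of possible letters. Illustrative table, not exhaustive.
SUBSTITUTIONS = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
}

def reduces_to(password, word):
    """True if the password is the word with look-alike characters swapped in."""
    password = password.lower()
    if len(password) != len(word):
        return False
    return all(w in SUBSTITUTIONS.get(p, p) for p, w in zip(password, word))

def matching_word(password, wordlist=WORDLIST):
    """Return the dictionary word the password reduces to, or None."""
    for word in sorted(wordlist):
        if reduces_to(password, word):
            return word
    return None

def is_guessable(password):
    """True if the password is a dictionary word in disguise."""
    return matching_word(password) is not None

if __name__ == "__main__":
    samples = ["password", "pa55w0rd5", "L3tm31n", "$un5h1n3", "plum-ferry-84-anvil"]
    for pw in samples:
        word = matching_word(pw)
        verdict = f"dictionary word '{word}'" if word else "no dictionary match"
        print(f"{pw!r}: {verdict}")
```

A site or password manager can run a check like this when a password is chosen and reject anything that reduces to a listed word.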

The security questions can be fairly easy to guess if you can access sufficient information about someone. For celebs this comes from Hello magazine interviews. For you and me, Facebook, Twitter or LinkedIn are the main sources of personal information.

But, I use 2-Step Verification

Good! 2-Step Verification sends a one-off code to your mobile phone when you try to access an online account. So, to access the account you have to know the username, the password, the answers to security questions and the one-off code. This makes life much more secure and you should use it whenever possible.

But! Apple's iCloud data is not protected in this way. Only the actual account is, to prevent hackers changing your password or answers to your security questions. If they are able to guess these then they have access to the data anyway.

What can I do to protect myself?

Even though you don't believe that you have anything worth stealing, people feel very vulnerable after suffering an intrusion into their personal space.

1. Just as you use a different key for every lock, so you should use a different, and complex, password for every website. Using a one-word password (such as password) is simply inviting trouble. Make your pa$5-WOrd£ hard to crack. See our Blog to learn how to do this very easily.

2. Remove or mask all personal data from Facebook, LinkedIn, Google+, etc.
  • Set up a free email address and use that for logging in to Social Media. (You only need to use the email address occasionally, to verify that you have access to it the first time you use it for each site.)
  • Change your date of birth (not just the year). Your real friends know your real birthday anyway.
  • Don't be tempted by the "Find Your Friends" features of such sites. This is simply a way for them to collect your address book, so they can target your friends.

3. Set up 2-Step Verification whenever you can.

4. Use obscure answers to security questions, such as "Fantastic" for Mother's Maiden Name, or "Keyboard" for First Car, etc.

5. Don't trust companies to keep your data secure, no matter who they are or how big they are. The bigger they are, the less control they have over all of their Servers.

6. Delete your iCloud account. On your iOS device’s Home screen, go to Settings > iCloud, then at the bottom of the screen, tap Delete Account.

© Michael Donkin 2014