September 4, 2014

2013 Cloud Dangers in Your Digital Life... continue in 2014

Happy holidays. If you have a new smart phone, iPad, tablet or computer, and you are busy linking all your devices to automatically syncronize your music, pictures, and work files, then read and share this blog post. Your digital life can be erased in seconds using the cloud. Clouds and iClouds may seem fluffy and nice, but both have their dangers. New pilots get Visual Flight Rules licenses: control of your aircraft requires visual reference to the horizon. VRF pilots should NEVER FLY INTO CLOUDS. Without more training, the average VFR pilot will get their aircraft into a spiral-dive in about 15 minutes. Your computing "Cloud" can also take you into a digital spiral-dive with its new vulnerability to hacking that you should be aware of. Imagine all your files on all your devices getting deleted.
In 2012, we learned that linking your devices via the Cloud, including iCloud, renders you susceptible to the malicious use of the Cloud to wipe your entire digital life.

Tech writer Mat Honan got hacked recently, and then all of his linked services, including iCloud based services, were used to erase his iPhone, MacBook and all his web based iCloud data. The use of a single service, such as FaceBook, to log into different services also factored into the malicious actions of the hacker to invade one of Mr Honan's services after another. You can read about Mr Honan's nightmare that he kindly shared on one of his blogs at:   EMPTYAGE.   Darlene Storm (Computer World) also has a nice story about this subject:   HERE  , where you can read about some warnings regarding the CLOUD that were uttered by no less than Steve Wozniak himself (Apple's co-founder).

This experience highlights the danger of syncing all your devices and online services. When you change or create a document on one device, the change propagates to the Cloud server, and then to all your other devices. Your laptop, home computer, phones, iPad. What many of us have not appreciated is that these updates also include the DELETION of your files. I have been concerned with this for some time, since Apple's iDisk service went away. Since 2000 my iDisk was a handy external shared disk. I added or removed files from my iDisk and coordinated several lab workstations with this tool. Of course, while these shared files were on my iDisk, there were also copies of the files on my computer drives. Even if my iDisk was hacked, there was no automatic sync to my devices. This is NOT the case with iCloud's file syncronization. It is also similarly dangerous if you use SugarSync's option to autosyc to any file on your hard drive. Deleting files will propagate the deletion for you. If that was your only copy of the file, ouch, its gone!

So, if you are a Mac user that upgraded to OS-X Lion, or your new Mac already uses this system,  you can quickly autosync your devices. However, the more services you link in some way, the more danger there is for your digital life. If one service gets hacked, it can be the gateway to get information and keys for your other accounts, storage and services.

My immediate recommendations:

1) If you are using any Cloud service such as Dropbox, Google Drive or SugarSync, just use the one sycn-folder option: you have ONE folder on your hard drive that is sync'd automatically with your Cloud and other devices. If you have digital stuff you would HATE to lose, then do not leave the only copy in your sync folder. Build your documents in other folders and directories, and place updated COPIES of those files into your Sync folder. Always keep copies in regular folders that are not integrated into the autosyc process. A hacker can erase your Sync folder contents, but your main file copies will reside elsewhere on your hard drive.

2) For any iPhone users out there, consider NOT autosyncing your pictures and critical work files through iCloud. You should have the option to inactivate some of these functions. I have had a Mac account since 2000, and I loved my iDisk. However, while I have an iCloud capable account now, I do not use it for syncing files. The iPhoto program is a great tool, but I do not sync my photos through the iCloud and do not plan to. It is too risky for me. Should I get hacked, my iCloud could be used to wipe those files on all my devices.

3) Run backups of your main device, maybe this is your laptop, with a good old USB-2 external hard drive. OS-X has a great "time-machine" backup system that is easy to use. Windows also has basic backup functions for external drives. Use your external drive at least once a week. If you plan to keep your devices fully integrated and autosycned in iCloud, then do your backups. If Mat Honan had a backup drive, he would be much better off. Mr Honan noted that he had drifted away from the habitual use of his good old backup drive once he went into the cloud, in hindsight a mistake.

These new data dangers have great implications for Google's new operating system and Microsoft's next system, coming out soon. These systems are based on the Cloud for their very fundamental operations. At this time they are completely vulnerable to this kind of hack that can wipe out your entire digital life. SO DO NOT GET RID OF THAT EXTERNAL BACKUP DRIVE YET, KEEP USING IT. I AM TOO. As online services have rushed to link to each other, very little effort has gone into solving the security issues that exist with this kind of mass connectivity. Do you use Facebook to log into all your services now? Imagine that your password is hacked. All your services are then breached.

It seems that Apple's phone support screwed up, and actually gave hackers more information about Mr Honan's account, even though the caller could not answer some of the security questions. What Apple might do to fix that problem I have yet to learn, but it demonstrates that the Cloud brings new problems to our digital world. The implications for businesses and industrial espionage are significant. So follow some of these Intelligent File Rules and stay out of those cloud induced spiral dives.

SEPTEMBER 2014 UPDATE: See my comment added below regarding the loss of private photos from iCloud accounts of celeb actresses and singers. Mostly women of course. Please note that turning off the automatic sync of your iPhone pictures and movies with your iCloud storage will at least keep them IN your iPhone memory and you can move them directly to your home computer later. 

Dr Mitton's rule of thumb:  Ask yourself... "Could I live with this file or image being released to the public?" IF your answer is NO, then you do not want to have the file auto-sycned to any cloud storage. That includes iCloud, Google Drive, Dropbox, SugarSync, Window's cloud etc. 

Also, DO NOT use your google or facebook account to login to other services on the internet. Carefully consider giving cross website permissions to each service too. For example you can give your Twitter account permission to automatically post your tweets to your facebook account. 

If you need to back up your private files, plug directly into your computer and copy them over, or connect your device to an external storage device. If you use bluetooth to connect, just activate bluetooth wireless long enough to do the transfer to your other storage and then turn bluetooth off again. 

THEN, think about your hardware (computer) being stolen. If you have a Mac you can use the Disc Utility program to create a disc image file, make it any size you want (say 100 MB or more) and select the password option. This disc image file will mount only if you have the correct password and acts just like a separate disc.  Copy files onto it, and when you eject it, the disc image file just closes. No matter were you store the disc image file, when you open it, you need the password. Its not the greatest encryption, but it is free and already available via Disc Utility program on your Mac.

Good luck out there digital-humans.

Ken Mitton


kpmitton said...

note: Today Apple moved to fix a flaw in their iFORGET password reset service. So, even after all the problems in 2012, you have to be very very careful. Ken Mitton

Ruby said...

Thank you for sharing your insights regarding this matter, Ken. It would be unfortunate if one experiences data corruption and have no backup. Good job on pointing out the importance of having one! Routine organization of files may prevent data loss or corruption and may also lead to better data management.

Ruby Badcoe @Williams Data Management

Ruby said...
This comment has been removed by the author.
kpmitton said...

Here we are in Sept 2014 and we hear that many celeb pictures from their iPhones were automatically synced in the iCloud, and then were hacked and released. Kate Upton, Jen Lawrence and Kirsten Dunst are only a few of the actresses whose accounts were hacked.

This is fundamentally, though, the same problem Mr Honan had. Its likely that each person's password was hacked maybe at just one linked service and that this service had access to the user's iCloud account.

The advice in my posting here for preventing file loss, is also useful to prevent loss of very private photos and other documents. Ultimately, if it is a file that you would NEVER want to be hacked and leaked out in public then DO NOT LET IT COPY TO YOUR CLOUD SERVICES. That is the best advice I can provide.

If you have been hacked or not, make changes to your iPhone settings now. If you want the photos backed up, move them directly to your iPhoto gallery on your Mac and make sure you also turn off iCloud syncing of iPhoto on that computer.

Good luck out there.
Ken Mitton