It has not been a great couple of days for Apple at the Hack in the Box conference in Malaysia. As news about the iMessage exploit continues to trickle in from various sources, new information regarding potential holes in the iCloud architecture could be yet another nail in Apple’s “no viruses on our machine” coffin.
Today’s exploit comes to us courtesy of Russian security expert Vladimir Katalov, who has spent the past year analyzing Apple’s iCloud and Find My Phone protocols in search of a hole much like the one discussed on the event floor last Thursday. In “Cracking and Analyzing Apple’s iCloud Protocols,” Katalov went into detail on how he was easily able to download remote backups of random users’ data simply by gaining access to their user account name and password, which themselves were acquired through standard keyloggers and data dump programming.
He then went on to emphasize there were no available methods to encrypt this data on a particular server, and that if Apple users wanted to keep their files safe, they would need to employ extra security measures to prevent the leaking of their password or other sensitive documents.
Unlike most other key storage methods, Apple keeps the code to open encrypted files on the same disk — so as long as an attacker gains access to the drive itself, they should have no issue unlocking protected content at the same time. Not only that, it turns out that a majority of the iCloud data is actually stored on Microsoft and Amazon servers, revealing a partnership between the three tech corporations that had gone unreported until now.
This seemingly innocuous pairing actually reveals a more insidious motive; because Apple outsources their storage solutions, they are able to keep their slates clean when law enforcement comes knocking on the door asking to see what’s inside the trunk. In Apple’s July public statement on the NSA PRISM surveillance program, the company denied any backdoor server access for government agencies.
“Apple does not give law enforcement access to its servers.”
If you own or use an Apple device in your everyday life, it is now highly recommended to find a reliable, secure method to back up your data that comes with a proven track record and a long history of dedicated protection from hackers and government agencies who might try to snoop where their noses don’t belong. With HideMyAss Pro VPN apps available on the iOS store for both the iPhone and iPad, along with a standalone version built especially for OS X, you can be sure all your backups carry a 100% guarantee of safety and security from one of the best VPN providers in the business.