#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 5°C Monday 30 November 2020
Advertisement

Should you be worried about whether your cloud data is safe?

The recent image leak involving numerous female celebrities has brought the focus on cloud security, but does this mean your own files are under threat?

Jennifer Lawrence was one of the people affected by the leak.
Jennifer Lawrence was one of the people affected by the leak.
Image: Doug Peters/EMPICS Entertainment

WITH THE NEWS of numerous female celebrities having nude or nearly nude photos of themselves leaked, part of the focus has been placed on the cloud services (mainly Apple’s iCloud) which hosted these images and how they were found, despite some of them being deleted.

While these images were saved under the (very reasonable) assumption that they were private and nobody would be able to access them, the opposite has occurred. All cloud storage services use a number of security and encryption methods to keep data safe, and it’s not entirely clear what happened.

Those of you might be wondering about whether or not your data is safe. If that’s the case, it’s worth looking at the reasons why this might have happened and what you can do about it.

So how were these photos obtained?

This is something that isn’t entirely clear. For one, a service like Apple’s iCloud being hacked might be the first reason people might think of, but it’s also the most unlikely.

According to Apple, it uses “a minimum of 128-bit AES encryption – the same level of security employed by major financial institutions – and never provides encryption keys to any third parties.”

However, a potential exploit was recently spotted on Find my Phone, which is connected to iCloud, called ibrute. The developers behind it announced the bug, which doesn’t employ bruteforce protection (an attack can continue using different passwords until the right one is entered) a day before the images were leaked.

The exploit has been patched, but there’s no evidence as of yet that this exploit would have been used to access these files. There’s also the case of having to obtain email addresses as well to access these accounts, which would have to be found through other means.

More importantly (or worryingly), there’s nothing to suggest that other cloud services were affected by this leak, iCloud just happens to be the only service mentioned so far.

iCloud sign in screen Source: Apple iCloud

The more plausible reason would have been accessing through passwords and email logins. While two-factor authentication is available for most services – and should be used regardless - few actually use it.

If someone is savvy enough, they could potentially gain access to one account (email for example) through password guessing, or phishing, the practice of sending fake emails to trick someone into entering information – and use that to obtain and change passwords to other services.

Considering that the standard Apple password only requires eight characters, a capital letter, a lowercase letter and a number as security measures, it would mean that many would just opt for the bare minimum for the sake of convenience.

Apple security password The general guidelines Apple offers when creating a password. It's unlikely that many will deviate from the suggestions offered here. Source: Apple.com

Also, in the context of deleted photos being recovered, chances are those who took the photos didn’t realise they were uploaded automatically – most cloud services offer such functionality.

The other reason is that although you can delete files, they’re moved to a ‘recycle bin’ which means they’re still available for a certain period of time. It’s possible that some images were recovered through this method.

If you already use a cloud service

If you’re already using the likes of iCloud, Dropbox, Google Drive and OneDrive, you should activate two-step verification (there’s a reason why we’re harping on about it).

It’s also worth looking at third-party services that will encrypt your data first before saving it.

One of the better examples out there is Boxcryptor, which works for all the major cloud storage services (Dropbox, Box, Google Drive, OneDrive). If it’s for personal use, then the (free) basic version will suffice, but if you want greater functionality or a group of people want to use it, then the paid version is €36 per year.

Source: Boxcryptor/YouTube

Alternatively, you could opt for Vivo or Cloudfogger, which offer similar services.

If you don’t use a cloud service or you’re willing to switch

If you’re not fully tied down to a particular service, then it’s better to opt for an encrypted cloud storage service. On top of encryption, the services below employ a zero-knowledge password service, meaning only you know your password. Not even those who run the service in the first place would be able to access your data.

The first one is Tresorit, which offers 5GB when you sign up. It’s similar to Dropbox in that by completing certain tasks, you can increase your storage to 16GB.

One of the main features is you can turn any folder on your computer into a secure encrypted ‘tresor’ meaning you don’t need to re-arrange any data or drag everything into one encrypted folder to keep your data safe.

The pro version allows you to have access to 100GB for €9.99 a month (cost per month depends on how much storage space you want).

Source: tresorit/YouTube

The second is Wuala, which also offers 5GB for €0.99 per month. It also offers 100GB for €9.99 per month although its offer for 20GB (€2.99 per month) is better value than what you would get with Tresorit.

It’s similar to many cloud storage services in that it uses a sync folder to keep everything in order, meaning your files are encrypted locally before they’re sent to the cloud.

Source: WualaTV/YouTube

Read: Thinking of looking at those J-Law nude pics? Here’s why you shouldn’t >

Read: After 15 years, MSN Messenger finally decides to call it a day >

About the author:

Quinton O'Reilly

Read next:

COMMENTS (13)