This article from InformationWeek outlines a new digital forensic tool that can be used to pull down all your data from Apple's iCloud - including all your iPhone & iPad data if you backup to iCloud like Apple would like you to. While this tool from Moscow-based ElcomSoft, is most likely to be used by some type of law enforcement entity, that does not mean it could not be used in a harmful manner. And the tool does require a valid iTunes/iCloud account username & password to gain access, which means the tool is not "hacking" it's way in to a users files. That sounds nice, but over the past few years there have been a large number of iTunes accounts targeted for attack by hackers & identity thieves - most recently documented in this ZDNet article "Anatomy of an iTunes Store Account Hack". Since most users are using the same credentials for their iCloud account as their iTunes account, it would not be much of a stretch to see these same hackers to begin going after both the iTunes and iCloud accounts for their valuable data.
iCloud accounts can store your music, track your device (and you if you're carrying it), and have email setup on it, but it can also be used to backup your iPhone or iPad. Prior to iOS 5, users had to utilize iTunes to activate, backup and restore their devices and were provided with an option to encrypt these backups. These encrypted backups would make it nearly impossible for anyone that gained physical access to your computer. With iOS 5 users can now go "PC free" and perform their backup and restores via iCloud, but these backups apparently are not encrypted on Apple's servers.
Why should you be concerned about where your backups are stored and who has access to them?
ElcomSoft marketing director Olga Koksharova explains in his blog post: "iCloud backups hold essentially the same information as stored in offline backups, which includes accounts and passwords , call logs and text messages, calendars, appointments, contacts and organizer information . Pictures and Web browsing history including URLs of recently visited sites are also included." Who would really want all of that information on any remote backup service without being encrypted? Not me.
While there is a setting on your iDevice to change your iCloud backup options, the easiest way to do this is from the iTunes summary screen for your device that shows up when you have it plugged into your computer. This setting is about halfway down the screen and is very easy to locate (see below):
Just make the change to backup locally and then select the option to encrypt your backups and choose your password. Once this is complete, iTunes will backup your device when you Sync it with your computer or you can just right click on your device and select backup. Your iDevice may no longer be "PC Free" but your data will be quite a bit safer.
Source: Information Week
No comments:
Post a Comment