Apple ICloud: Simplifying Digital Lives Raises New Security Concerns
For Apple fans juggling iPads, iPhones and Macbooks, Apple's iCloud, which launched Wednesday, offers the chance to simplify their digital lives by linking email, calendars, music and photos from multiple devices.
But while iCloud promises convenience, experts say it raises potential security and privacy concerns inherent in storing data in the cloud: If one account is hacked or one device is stolen, others could be compromised because they are linked in the cloud. And cloud providers control that information, which they could hand over to marketers or law enforcement.
Users of cloud storage "have to be comfortable with someone else holding all your data," said Jamz Yaneza, a threat research manager with the security firm Trend Micro.
An Apple spokeswoman said Apple has taken several measures to secure information stored on iCloud, including encrypting data while it is transported over the Internet and while it is stored on Apple's servers.
In recent months, the risks associated with cloud computing have gained attention. In June, Dropbox, which provides online storage, admitted that a security glitch allowed people to log into any Dropbox account for several hours by typing in any password. In April, Amazon.com's cloud service failed, bringing down the websites of numerous businesses.
Still, cloud computing, which allows users to store data on the Internet instead of on hard drives, has become an increasingly popular way of housing information and deploying software, especially among businesses, because it is cheaper and more efficient. Millions of Gmail, Twitter and Facebook users access cloud computing every day, perhaps without even realizing it.
But privacy experts say users who store information in the cloud face the risk of losing control of their data. Consumers should be wary of cloud providers using their data for marketing purposes, experts say. And cloud providers may also receive a subpoena compelling them to give user data to authorities.
"While you might think your cloud provider would stand up to such requests, most are legally bound to hand over the information," David Linthicum, who blogs about cloud computing, wrote earlier this year on Infoworld.com.
For most Apple consumers, the benefits of iCloud will likely outweigh the security and privacy concerns, said Andrew Storms, director of security operations for the security firm nCircle. Besides the convenience of linking data from multiple devices, iCloud serves as a backup if a device crashes and music or photos are lost, he said.
But businesses may have reasons to be concerned about iCloud, experts said. Many employees have started using personal Apple devices for work purposes, and companies must decide if they are comfortable with intellectual property being linked to the cloud, Yaneza said. If iCloud is compromised by hackers, Storms said, sensitive business data could be vulnerable because that employee's Apple device is linked to iCloud.
Some researchers have already explored the possibility of exploiting cloud computing. In 2009, researchers at the University of California, San Diego and MIT found a way for hackers to steal data on Amazon's cloud service by placing a malicious "virtual machine" on the same server as another "virtual machine."
With the launch of iCloud, hackers are now more likely to target Apple devices and applications because they will be linked to "a treasure chest" of data in the cloud, Storms said.
"Hackers will say, 'Forget going after individual users, let's go after Apple," Storms said. "Because if we break in, we get access to everybody's data.'"
Apple users should consider doing something they are often unwilling to do: create multiple complex passwords for their accounts and devices, said Chet Wisniewski, a security researcher at Sophos Labs. That way, a compromised device or account can't compromise other data stored in the cloud, he said.
"It all comes down to how well you secure your device," Wisniewski said.