The scandal over the leak of intimate photos of Hollywood stars onto the internet is yet another reminder that even the most secure cloud services from the most reputable companies can have vulnerabilities, and that no service is ideal in terms of security.
The stars' personal storage was hacked by the most primitive method: password guessing. It turned out that Apple's Find My iPhone service had no protection against brute force, that is, automated password guessing. Once launched, a special program tried one new password after another, going through all available characters, and eventually found the right combination. To protect against this kind of attack, other services ask the user, after a number of failed password attempts, to confirm that they are not a robot by entering the text from an image or in some other way.
As a result, by guessing passwords to the Find My iPhone service, the attackers in effect obtained the Apple ID credentials, the single key to all Apple services, including iCloud, which automatically downloads all data from the iPhone, iPad and other i-devices.
A few hours before the hack, code exploiting this vulnerability was uploaded to GitHub, a service popular among programmers.
Of course, after such a wide public outcry Apple could not leave this security hole open, and the method no longer works. Earlier, the iCloud account of the Prime Minister of Russia, Dmitry Medvedev, was also hacked, but a different method may have been used there.
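The protection described above, where a service demands a "not a robot" confirmation after a number of failed password attempts, can be sketched as follows. This is an added example, not code from Apple or from the article; the thresholds, the `LoginGuard` class and the `captcha_ok` flag are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict, deque

# Assumed policy values, not taken from any real service.
MAX_FAILURES = 5        # failures tolerated before a challenge is demanded
WINDOW_SECONDS = 900    # sliding window in which failures are counted
ITERATIONS = 100_000    # PBKDF2 work factor for the stored password hashes


def make_record(password):
    """Return (salt, hash) as it would be stored for one account."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class LoginGuard:
    def __init__(self, users):
        self._users = users                   # username -> (salt, hash)
        self._failures = defaultdict(deque)   # username -> failure timestamps

    def _recent_failures(self, username, now):
        q = self._failures[username]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()                       # forget failures outside the window
        return len(q)

    def attempt(self, username, password, now, captcha_ok=False):
        """Return 'ok', 'denied' or 'captcha_required'.

        captcha_ok is a hypothetical flag: True only if the caller has already
        verified a CAPTCHA (or similar challenge) for this request.
        """
        if self._recent_failures(username, now) >= MAX_FAILURES and not captcha_ok:
            return "captcha_required"         # the password is not even checked
        # Unknown accounts get a dummy record so they are counted and timed alike.
        salt, stored = self._users.get(username, (b"\0" * 16, b"\0" * 32))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        if username in self._users and hmac.compare_digest(candidate, stored):
            self._failures.pop(username, None)  # success clears the counter
            return "ok"
        self._failures[username].append(now)
        return "denied"


def replay(guard, username, passwords, start=0.0):
    """Feed constructed attempts one second apart; return each outcome."""
    return [guard.attempt(username, p, start + i) for i, p in enumerate(passwords)]
```

Because the counter is keyed on the account rather than on the client address, the challenge is still triggered when the attempts arrive from many different addresses.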
How to hack
As Oleg Shaburov, head of internet security at Symantec in Russia and the CIS countries, told “Gazeta.ru”, there are only two basic hacking techniques: guessing the password, or resetting the password through the questions designed for situations where users forget it. “The second way is often even easier for breaking into the accounts of celebrities, since finding information about public figures is much easier. This is what the attackers take advantage of,” said the expert.
To protect against such hacking, Shaburov recommends using strong passwords and, for the password-reset questions, not choosing well-known facts as the answers.
One of the main vulnerabilities of iCloud, experts say, is the lack of complex two-stage authorization. With sophisticated tools, the cloud service from Apple is easy to hack, Russian hacker Vladimir Katalov said at a conference of security specialists in October 2013. According to Shaburov, the only way to protect data against this vulnerability is to stop using iCloud.
In turn, Sergei Lozhkin, an anti-virus expert at “Kaspersky Lab”, said that the most common method of hacking iCloud is a phishing email containing a malicious link. It can be sent on behalf of the administration of the service or on behalf of other related services. The letter may contain a request to urgently change the password, to update services or systems, and other fraudulent messages.
“When the user clicks on the link, they are taken to an infected site that looks exactly the same as the website of the service. Design, logo, domain name: everything is very similar; the attackers are pretty accurate here. Once the user enters a username and password on the fake site, these data are sent directly into the wrong hands,” said Lozhkin.
Another way to get user information, according to the expert, is simply infecting the computer. Malware monitors all user actions, including passwords entered, and then sends them to the attacker.
Speaking of protective measures, Lozhkin said that the main thing is the person's own attentiveness. The sender's address should be checked carefully.
“Also, do not click on links in messages from unknown recipients, do not forget to check the authenticity of the address in your browser's address bar when you enter personal data, and it is best to use a secure https connection,” he added.
In addition, Lozhkin advises using complex passwords that differ for different accounts and services. The expert also recommended having two e-mail addresses: one for personal correspondence, the other for various services. All these precautions apply to cloud storage as well.
Personal Cloud
However, for those who are seriously concerned about the security of their data, there is another alternative: their own cloud. It is now possible to create your own cloud storage without too much trouble by buying a hard drive that connects to the internet and installing the appropriate software on your devices. This way, all your data is stored by you personally, yet you can access it from anywhere. Such solutions are now offered by many companies.
Denis Kutnikov, Director-General of Acer Russia, says he does not believe that any particular service can be 100% reliable in terms of security, since information leaks and break-ins very often occur because of human error, from which no one is immune.
“If we talk about the differences between public and personal clouds, the difference lies more in the concepts of construction and principles of operation. A private cloud of the BYOC (Build your own cloud) type means that you make your own storage on your PC and do not use other people's resources (data centers). That is, with the help of software (in this case, ab Apps) you get access to your PC from anywhere in the world,” says Kutnikov.
Experts usually name the following advantages of a personal cloud service:
– full control over the data: the files are physically located on the device you select;
– unlimited cloud size: you decide how much space you need;
– cross-platform: to work with your files you do not need to use only a particular type of device or OS.
Furthermore, the connection between the user's device and their own cloud uses quite sophisticated encryption, which makes it safer.