Cloud hacking: Why online backup for phones is a bad idea.

Eliminating backups to the cloud is the best option. Changing challenge questions and passwords is the best way to make online backup more secure.

From the backroom of one of my stores I overheard a customer telling a not-so-unique story to one of my technicians.  She had been locked out of her primary email account and her iTunes password had changed.  Her question was why this happened.

I’ve heard related stories about a half dozen times from similar customers.  All the customers have been women ranging in age from late teens to mid-twenties.  No matter the brand of phone, each has had some type of phone and/or password issue.

Cloud storage hacks are a real threat and shouldn’t be taken lightly.  Most smartphones on the market today are set to automatically back up the phone’s contents to the cloud.  Once an account is created (through Apple or Google), data is uploaded to a central server for safekeeping.

With a little social engineering and a fair amount of time, Apple’s iCloud service can be broken into.  Even from a PC, iCloud data can be viewed without the Apple device present and without the owner’s consent.  Basically, the information stored in the cloud becomes vulnerable to a data voyeur.

Breaking into cloud storage has essentially three steps.  First, the primary email account is cracked.  Second, the cloud storage password is bypassed.  Finally, the cloud password is changed and data pulled.

The process of gaining access starts with knowing a bit about the subject.  Knowing the subject’s primary email account address is mandatory.  Having a basic knowledge of the person’s life is helpful but not essential.

Suppose I lost my email address password.  The process of changing it usually requires answering a few challenge questions such as the street I grew up on or my favorite board game.  Answering those questions for me is easy because it’s my life.

Unfortunately, answering those for someone else is not much harder.  Knowing a bit about the subject makes it much easier.  Just about anyone who knows a bit about the person can gain access with basic challenge questions.

The only reason for breaking into the primary email address is to read the account information for the cell phone’s account.  The phone’s password is mailed to the primary email address each time it’s changed.  A quick search for “iTunes” and the perpetrator has what he needs.

Armed with the email address and password attached to the phone, the criminal can use any number of free or low-cost software titles to pull data from the cloud.  Pictures, documents, videos, and just about anything uploaded can be snooped.

There is only one reason someone might be encouraged to scavenge cloud storage.  The voyeur either knows or suspects that the subject has graphic pictures.  The goal of the snoop is to get any information he can on the subject via her phone.  This is a form of stalking and harassment.

Most of the time pictures and data are downloaded for personal use, feeding the perpetrator’s ego.  However, some of the time private pictures are re-uploaded (or re-upped) to anonymous image boards which can be seen by anyone.  One very popular board lists pictures by city and state.

Prevention is not so difficult.  Obviously, not using cloud storage is the simple answer.  Never use the right answers for challenge questions; I use made-up words and old passwords for the answers.  Better yet, if your email provider has a text option for password retrieval, use that service.  Also, make all your passwords different and hard to guess.

As the father of two teenage girls I’m nervous a mistake on their part could end up online.  Educating our kids about the dangers of cloud storage and good password management will keep their private information private.  We can’t control what they do, but we can show them better ways of doing whatever they choose.

 (Jeromy Patriquin is the President of Laptop & Computer Repair, Inc. located at 509 Main St. in Gardner.  You can text him directly at (978) 413-2840 or visit www.LocalComputerWiz.com.)