Apple & Amazon Customer Service Hacked: Can The Cloud Be Trusted?

Once your data is in the cloud you lose all control of it. A journalist’s online persona was recently hijacked through hackers’ clever and scary manipulation of Apple and Amazon’s tech support. This could happen to any of us, at any time.

A description of the incident from the journalist, Mat Honan, who works for Wired:

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

The Price Of Cloud Computing?
This, folks, is the kind of thing that terrifies me. Years ago I wrote a post called Cloud Computing For Consumers Makes Me Cringe, in which I expressed my concerns over the proliferation of consumer tech based on the cloud. I’m far from the only one; the tech industry has been at each others’ throats for years. Some see the cloud as too vulnerable, while others say it’s a vital (and inevitable) resource.

It seems our fears have been realized. Like everyone else I want the fun new features of today’s devices, but I don’t trust the cloud, especially when I hear about incidents like the Apple+Amazon debacle.

I’ve been in tech support far too long to be fooled. I know other incidents are happening that we aren’t hearing about. I know my data is residing in places I don’t intend. I know that in some ways I’m helpless to stop that, but I can also choose which technology to embrace and which to reject. And I reject the idea that I need a distant datacenter for even the most minute of daily tasks.

Is It Too Late?
Of course that’s a largely symbolic statement. In reality, I’m already using the cloud in ways I don’t like, but was forced to. We all are. What scares me is that most people don’t know how cloud-dependent the world is becoming. They think they’re not using the cloud even when they are.

Apple leads the pack with iCloud. You can’t sneeze on an Apple device without it asking if you want to use iCloud. Soon you’ll have to use Apple’s cloud service even if all you want is to sync the basics like calendar and contacts. But once transferred, our data is not necessarily protected, as our poor Wired journalist learned. From an article about the incident:

On Aug. 3, an “epic hack” compromised technology journalist Mat Honan’s Twitter account. Along the way, the attacker–known as “Phobia”–also managed to remotely erase Honan’s Apple laptop, iPhone, and iPad. Furthermore, Phobia did it by socially engineering–as in, tricking–customer service representatives at Amazon and Apple, allowing him to gain sufficient information to first access Honan’s iCloud and Gmail accounts.

Manufacturers Need To Step Up Security
Granted, Honan did a few things that aided the criminal. He linked accounts together (notably Twitter), he didn’t activate all the security available on his devices, and he didn’t have good backups. But, in my opinion, that’s as much the fault of the manufacturers as it is the consumer.

We’re encouraged to link accounts. We’re encouraged to take advantage of all the shiny new features. There is never any fine print that says, “oh, by the way, if a hacker makes it this far, enabling this feature means you’re screwed.” And it’s not always clear that “turn this feature on” means “your data will be transmitted”.

I also lay blame at the manufacturers’ feet for their EpicFail on internal security practices that would have prevented the criminal from gaming the system to gain the information needed to break in.

The journalist was technically savvy and this still happened. Imagine how much harder for the average person! I know because I’ve spent most of my career helping small businesses and consumers with just this sort of problem, and there are few good solutions.

It’s not just Apple and Amazon. This is an industry-wide problem that the industry hasn’t addressed. Vendors are quick to point out new features: more speed, more memory, bigger, better, faster… but the consequences are not always recognized until after the technology has been embraced by the public.

How You Can Protect Yourself
Which means you, dear consumer, are on your own in deciding which technology is safe or unsafe. This is harder than it sounds. Like everything else in our advertising-driven world, some of the information you’ll read is sponsored by the people who sell the products. You have to sift, filter, and decide for yourself. (This blog, for the record, is sponsored solely by me.)

Personally I think it’s absolutely stupid that my modern iPad can’t do what my creaky old PalmPilot still can: sync data via a physical cable. Tech manufacturers need to GIVE US AN OFFLINE OPTION instead of forcing us to use the cloud because they obviously can’t secure the cloud.

I’m also looking at you, video game manufacturers. I chose not to play Diablo III specifically because it requires an always-on connection to the servers. Gee, now Blizzard is telling the Diablo and World of Warcraft players that those servers were hacked and their personal info was stolen. I like a good fantasy RPG as much as the next geek but not at that cost.

The industry is throwing us at the cloud because cloud computing makes it easier for them to write the programs and provide support for them. If everything’s in the cloud they don’t have to deal with multiple computer configurations, multiple devices, and tons of tech support headaches. “Hi, I’ve got a Palm V connecting via serial to a Pentium II running Windows 98, and somehow it won’t also connect to my new Windows 7 laptop…”

It’s my firm belief that every device should have a setup wizard that walks you through securing that device. This might not stop people gaming the system but it makes it a lot harder for them to get very far with your data, even if they do manage to break into your accounts.

The cloud may be easier for vendors, but not always so for consumers. My advice is to use it at your own risk.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s