Serious Flaws Discovered in Apple iCloud Backup Security

Recently I posted an article explaining why attorneys should be concerned about the recent iCloud celebrity photo breach. At the time that I posted the article, details were just coming out about how these individuals had their confidential materials leaked. Since then, the leading theory has been that the celebrities had their iCloud iPhone backups accessed by malicious users using tools originally developed for law enforcement purposes. Christina Warren of Mashable recently posted a great article explaining just how easily she was able to hack her own iCloud backup. I recommend that all attorneys read her post to see just how easy some of this information can be obtained.  

My recommendation based on the events of the past week is that attorneys should not store confidential materials on iCloud until Apple makes the online service more secure. If you backup your iPhone or iPad using iTunes, you have the option of encrypting your backup with a separate password (that can and should be different from your iTunes password). Unfortunately this option is not available for iCloud backups. Without a second-factor authentication option or a separate encryption password for your online backups, a malicious user would only need to determine your iCloud password to access all your backed up data.

image

You can turn off iCloud backup by going into your iOS settings and choosing iCloud. Within the initial iCloud settings you can choose Storage & Backup to choose whether to enable iCloud Backup. Within that settings panel simply disable iCloud backup to turn it of on your device.

image

If you have other iOS devices, choose Manage Storage and from there you can delete backups from iCloud. You also should be careful that you understand what other apps on your device may be using iCloud to store data. To determine this, choose Documents & Data from within the initial iCloud settings. This will give you a list of apps that are storing data on iCloud. If you keep confidential client data within any of these apps, you may want to disable the ability of these apps to store documents and data in iCloud.

image

It is important to remember that these recommendations are only if you have confidential information on your device. If you do choose to disable iCloud backups, it is important that you plug your device into your computer and backup using iTunes on a regular basis (and select the encryption option in iTunes). Email account passwords are not stored on the iCloud backup, so do not worry about this information being at risk if you do choose to use iCloud backup.

I am hoping that with the attention this has been receiving in the press that Apple quickly offers options to better secure iCloud in the near future. In the meantime, it is important that you at least understand what data on your device is being uploaded to the cloud and that you know if it is adequately protected.

Update: According to 9 to 5 Mac, Apple’s CEO Tim Cook has issued a statement promising that Apple will enable new notifications in the next two weeks to address some of the concerns discussed above. Notably individuals will begin to receive emails when a password is changed, when a backup is restored to a new device, when a device logs into iCloud for the first time, and users will be able to use two factor authentication for iCloud when iOS 8 is released. It is nice that Apple is promising quick improvements to better secure user’s data.

Read Christina Warren’s How I Hacked My Own iCloud Account, for Just $200 http://feedproxy.google.com/~r/Mashable/~3/I41sXRKDLao/

Introduction to Control Center for the iPad

Control Center for Attorneys

Control Center is a feature on the iPad that allows a user to quickly select some basic settings without having to launch the iOS settings app. It was introduced in iOS 7, but I am often surprised that many attorneys do not know it exists. Control Center is accessed by swiping up from the bottom of your screen on your iPad, and it only takes up a small portion of your screen. I have created a short YouTube Video showing how to use Control Center, and describing all the functions that you can access with it:

In the video, you will learn how to launch Control Center, how to change settings on your device using Control Center, and how to customize when Control Center is used. As an attorney, I often use Control Center while traveling to switch Airplane Mode on and off, while presenting to enable Airplay, AirDrop, and Do Not Disturb, and when listening to Podcast or Audiobooks to quickly pause titles, skip around tracks, or to change the volume. Control Center is a useful tool that allows you to quickly access functions without leaving an application, and has often helped save valuable time.