Takeaways From the iCloud Hack

By   ISBuzz Team
Writer , Information Security Buzz | Sep 25, 2014 05:02 pm PST

Many stars owe their fame and fortune to the camera, but this is definitely not what they signed up for. A long list of female film and music stars have had sensitive information stolen from them. They assumed their data was stored in a secure place, but it obviously wasn’t.

We all assume the information we store on our tablets and smartphones is safe. However, that’s never the case. Whether it’s personal pictures or schematics for a new gadget, if a hacker wants it badly enough, they’re going to find a way to steal it from you. Additionally, with BYOD (Bring Your Own Device) policies expanding rapidly, more people are using their personal devices for work purposes with little or no protection. The threat to your business is every day becoming more urgent and real.

Featured Download: CISO Data Breach Guide

It’s been impossible to miss the biggest tech story of the past few weeks (perhaps even bigger than the release of the new iPhone). A few weeks ago, hackers allegedly exploited weaknesses in the iCloud service (within the Find My Iphone feature, to be exact) and gained access to the private accounts of stars like Jennifer Lawrence, Kate Upton, and Kim Kardashian. Apple is claiming that iCloud isn’t to blame, that this is fundamentally a matter of how each iCloud user chooses to protect their personal information.

There are a million different articles that describe just how this attack might have happened. To make sense of all of these competing accounts, let’s look at the facts. Whether you’re a celebrity or a security professional trying to gain control over the consumerization of IT, cloud services, social network apps, and mobile browsers make up a huge chunk of time spent on a mobile device.

In the world where BYOD is part of most enterprises, there are a couple of critical takeaways here:

– The reality is that services and apps will eventually be hacked. It is clear by now that we can’t rely on users to keep their devices and accounts secure. Unfortunately, as the case of iCloud has shown, the level of security that device vendors and app developers provide is still inadequate to make up for this deficiency. As a result, it is necessary to resort to compensating security controls.

– The fact that this attack targeted the rich, famous and beautiful means that the FBI and Apple are both acting much faster than they might in other cases. Accordingly, we cannot expect the same response time for personal theft and fraud.

– Finally, it’s up to enterprises to make mobile security part of their comprehensive security strategy. To do this, businesses must:

1. Understand the value and risks of using mobile devices for work purposes.
2. Identify holes in their security strategy and realize that traditional MDM and Security Information and Event Management (SIEM) solutions address only part of the problem.
3. Implement solutions that can detect and analyze existing as well as unidentified threats to mobile devices, apps, and in the data stream, and then mitigate threats appropriately based on the risk assessment.

To read more about our thoughts about and reactions to the iCloud scandal, go to www.lacoon.com/blog.

By Yonni Shelmerdine, Mobile Security Trends Analyst, Lacoon

Yonni_LacoonYonni is the lead Mobile Security Trends Analyst at Lacoon. Yonni brings five years of experience in Datacom & GSM network security analysis from an elite unit in Israel’s Intelligence Corps. Yonni heads the analysis of mobile attack trends where he researches new attack vectors and identifies major mobile malware attack patterns. Juggling university, work and football isn’t easy, but Yonni is a master of multi-tasking.