One of the biggest technology stories over the Labor Day weekend was the apparent hack of Apple’s iCloud service that resulted in the release of nude photos of celebrities, including Jennifer Lawrence. The hackers appear to have taken advantage of a security vulnerability in Apple’s Find My iPhone; a proof-of-concept called iBrute shows how it could have been done. Apple says it has fixed the problem, and the company and the FBI are both investigating.
For enterprises, this incident again raises the security issues inherent in the use of mobile devices and public cloud computing services. Many smartphones, like the iPhone, automatically back up device data to a cloud service. When employees use personal phones for work purposes, they could be putting enterprise data at risk unless the company has taken appropriate measures to stop that from happening.
The use of public cloud services for other business purposes, including cloud development, could pose similar risks. Ars Technica writes, “If it?s in the cloud?a public, free cloud service, especially?then chances are good that eventually it will find its way to the Internet. Cloud services are leaky by their nature; things that are supposed to be private get stored alongside things that are shared, and anything from user error to a previously undiscovered vulnerability can make even strong passwords pointless, while exposing all of those things to the world.”