In recent years, lots of vulnerabilities have been exposed regarding Apple’s iCloud service and features of remote desktop on Android devices, but as to the extent of what could happen have been relatively downplayed in the mainstream news.
750 million Apple iCloud accounts could currently be compromised. A major security breach affecting almost a billion users was eclipsed by publicity events such as the Fappening, which "leaked" celebrity photos as part of American media info-tainment.
At first, you might not know that your account has been hacked. It could be that you suddenly start to notice that your battery life has been drastically shortened. Apple says that their lithium ion battery has an average of 2 years, but this is in fact, actually untrue. The lithium ion battery in an iPhone should last between 5-7 years; some lithium batteries last up to 20 years.
A lithium ion battery in an iPhone or Android device should last 5-7 years. If you've started to notice that your battery life in your 1-2 year phone has been drastically shortened, then you've probably been hacked.
Before I first suspected my iPhone and Android phones had been hacked, I first started noticing that it would take an extraordinary long amount of time for my iPhone 6S to charge a few months ago. Whereas, it would take around an hour to fully charge, now it was strangely charging at 2% per hour. Then my iPhone began to suddenly shut off even when I had 50% battery life left. The screen would show it had no battery, and that I needed to plug it in to recharge. However, after several minutes, I would be able to turn my phone back on again, and it would show the battery life along with the bluetooth feature somehow magically becoming automatically turned on when I had previously disabled it. Similarly, my Samsung mobile device would begin to overheat even if left on standby not seemingly doing anything. It also suddenly started having a very short battery life.
After some investigation, and deleting various apps off my phones to see if they were potentially the cause, I found that what had the ultimate cause on my iPhone had been my iCloud account and that organisations or hackers had gained access to my iCloud account in which they could remotely control my iPhone, my computer and all other connected devices. I noticed that putting my phone on low power mode, and disabling all background information immediately allowed my battery to become optimal again. After a clean reset, and erasing all information off my iPhone and Samsung device, my battery began working perfectly again.
Cloud storage and computing, a new way for hackers to get remote access to all your computers and mobile devices.
It does not matter if you have a 2-step verification on your iCloud account, because through a breach in the iCloud account, hackers and organisations can take control of your phone. It does not matter if you have a strong password; this is no guarantee that your iCloud account won’t be hacked. It does not even matter if you have a physical device such as a Ledger Nano S or any other physical device to authenticate your email or cryptocurrency wallet accounts, because through access to your iCloud account, hackers can take full control of your computer remotely.
Physical devices such as the hardware Nano Ledger S wallet can potentially be compromised via MIM attacks or backdoors in which the target transaction could potentially be hijacked through different output addresses which requires reinstalling the Ledger manager app, although the seed and key are generated on the hardware device. Multi-signature wallets can also be compromised as with the recent $300 million Parity debacle.
When we think of security, we think of individual passwords and 2-step verification via your mobile device. We now even have physical devices for added authentication, similar to a physical key. However, even those security measures can be ineffective if the computer or target device has already been compromised or as MIM attacks become more sophisticated over time. For security to be effective, all organisations must work together to prevent a security breach in just one account in a cluster of accounts, because through a single breach in the Cloud, the organisations behind hackers can take full control of the target person’s account and have access to all their accounts: emails, eCommerce sites, banking sites, currency sites, cryptocurrency sites et al.
The top 4 critical security flaws that threaten cloud storage and computing.
Because the nature of cloud services and also Google and Microsoft’s remote desktop features allows remote control of all computers and devices in your network, this makes it a particularly dangerous for target individuals who are unaware that their devices and computers have been breached. The problems in Apple’s iCloud is exactly the same for Android systems with remote desktop features. Through access to someone’s Cloud account, or remote desktop on Android accounts, organisations behind hackers are able to send fake OS update information so that users unwittingly download programmes that can be custom tailored for the target device, in addition to allowing hackers to be able to control any computer or device remotely.
The beautiful and ugly thing about open source software for Android is that although users can build upon each other’s work, hackers and organisations can custom tailor phishing scams through backdoors. One example is one that doesn’t even need the target to open the email for it to become effective by exploiting zero day vulnerabilities. I recall that on one of my Android accounts, some of the hacks had dates such as the year 1960 when the email had been sent, and like a disappearing message, immediately vanished before taking crucial information from my account.
We live in a sophisticated, interconnected, complex world in which none of our online information is safe from zero day vulnerabilities. The best thing for us, as individuals, is for corporations to guarantee and safeguard our information and assets in the event of an organised hack. When we think of hackers, we often think of lone computer geniuses, playing Rammstein, and individually hacking into people’s personal accounts. However, the majority of hackers are people recruited into online, organised crime by organisations that have access to multi-million dollar funding; some hackers might have even been trained by our governments.
A strong password and a 2-step verification are not good enough. A physical device to authenticate your email or other accounts is not good enough if your computer operating system has already been compromised. Physical wallets such as the Trezor and Ledger Nano S become obsolete the minute they come onto the market. All these tactics are illusory methods by corporations to make us think our accounts are safe when they do little to prevent hacks.
Sea creatures often resort to safety in numbers to protect themselves from predators. In a similar manner, internet, eCommerce and telecomm companies must work together to protect users from zero day vulnerabilities.
What we need is for all corporations, eCommerce, telecomm, internet service providers, email providers, search engines and online businesses to all work together to prevent zero day vulnerabilities. Google has added security features to their accounts, but that means nothing when the rest of the internet players do not have the same security features.
What we need is to either push for legislation to keep cloud computing secure as part of protected infrastructure or we need all internet and telecomm companies to step up and work with all the other players to keep our information safe from zero day vulnerabilities. One company alone, cannot protect all our information and devices in the cloud.
By Sierra Choi