WhiteLake Group
  • Home
  • Blog
  • About
  • Contact
  • Home
  • Blog
  • About
  • Contact
Search

The Dangers of Cloud Computing and Remote Desktop

11/13/2017

0 Comments

 
Picture
In recent years, lots of vulnerabilities have been exposed regarding Apple’s iCloud service and features of remote desktop on Android devices, but as to the extent of what could happen have been relatively downplayed in the mainstream news.
​
Picture
​750 million Apple iCloud accounts could currently be compromised. A major security breach affecting almost a billion users was eclipsed by publicity events such as the Fappening, which "leaked" celebrity photos as part of American media info-tainment.

At first, you might not know that your account has been hacked. It could be that you suddenly start to notice that your battery life has been drastically shortened. Apple says that their lithium ion battery has an average of 2 years, but this is in fact, actually untrue. The lithium ion battery in an iPhone should last between 5-7 years; some lithium batteries last up to 20 years.
​

Picture

A lithium ion battery in an iPhone or Android device should last 5-7 years. If you've started to notice that your battery life in your 1-2 year phone has been drastically shortened, then you've probably been hacked.


Before I first suspected my iPhone and Android phones had been hacked, I first started noticing that it would take an extraordinary long amount of time for my iPhone 6S to charge a few months ago. Whereas, it would take around an hour to fully charge, now it was strangely charging at 2% per hour. Then my iPhone began to suddenly shut off even when I had 50% battery life left. The screen would show it had no battery, and that I needed to plug it in to recharge. However, after several minutes, I would be able to turn my phone back on again, and it would show the battery life along with the bluetooth feature somehow magically becoming automatically turned on when I had previously disabled it. Similarly, my Samsung mobile device would begin to overheat even if left on standby not seemingly doing anything. It also suddenly started having a very short battery life.
​
After some investigation, and deleting various apps off my phones to see if they were potentially the cause, I found that what had the ultimate cause on my iPhone had been my iCloud account and that organisations or hackers had gained access to my iCloud account in which they could remotely control my iPhone, my computer and all other connected devices. I noticed that putting my phone on low power mode, and disabling all background information immediately allowed my battery to become optimal again. After a clean reset, and erasing all information off my iPhone and Samsung device, my battery began working perfectly again.
​
Picture
Cloud storage and computing, a new way for hackers to get remote access to all your computers and mobile devices.

It does not matter if you have a 2-step verification on your iCloud account, because through a breach in the iCloud account, hackers and organisations can take control of your phone. It does not matter if you have a strong password; this is no guarantee that your iCloud account won’t be hacked. It does not even matter if you have a physical device such as a Ledger Nano S or any other physical device to authenticate your email or cryptocurrency wallet accounts, because through access to your iCloud account, hackers can take full control of your computer remotely.
​
Picture
Physical devices such as the hardware Nano Ledger S wallet can potentially be compromised via MIM attacks or backdoors in which the target transaction could potentially be hijacked through different output addresses which requires reinstalling the Ledger manager app, although the seed and key are generated on the hardware device. Multi-signature wallets can also be compromised as with the recent $300 million Parity debacle.
​

When we think of security, we think of individual passwords and 2-step verification via your mobile device. We now even have physical devices for added authentication, similar to a physical key. However, even those security measures can be ineffective if the computer or target device has already been compromised or as MIM attacks become more sophisticated over time. For security to be effective, all organisations must work together to prevent a security breach in just one account in a cluster of accounts, because through a single breach in the Cloud, the organisations behind hackers can take full control of the target person’s account and have access to all their accounts: emails, eCommerce sites, banking sites, currency sites, cryptocurrency sites et al.
​

Picture
The top 4 critical security flaws that threaten cloud storage and computing.

Because the nature of cloud services and also Google and Microsoft’s remote desktop features allows remote control of all computers and devices in your network, this makes it a particularly dangerous for target individuals who are unaware that their devices and computers have been breached. The problems in Apple’s iCloud is exactly the same for Android systems with remote desktop features. Through access to someone’s Cloud account, or remote desktop on Android accounts, organisations behind hackers are able to send fake OS update information so that users unwittingly download programmes that can be custom tailored for the target device, in addition to allowing hackers to be able to control any computer or device remotely.

The beautiful and ugly thing about open source software for Android is that although users can build upon each other’s work, hackers and organisations can custom tailor phishing scams through backdoors. One example is one that doesn’t even need the target to open the email for it to become effective by exploiting zero day vulnerabilities. I recall that on one of my Android accounts, some of the hacks had dates such as the year 1960 when the email had been sent, and like a disappearing message, immediately vanished before taking crucial information from my account.

We live in a sophisticated, interconnected, complex world in which none of our online information is safe from zero day vulnerabilities. The best thing for us, as individuals, is for corporations to guarantee and safeguard our information and assets in the event of an organised hack. When we think of hackers, we often think of lone computer geniuses, playing Rammstein, and individually hacking into people’s personal accounts. However, the majority of hackers are people recruited into online, organised crime by organisations that have access to multi-million dollar funding; some hackers might have even been trained by our governments.
A strong password and a 2-step verification are not good enough. A physical device to authenticate your email or other accounts is not good enough if your computer operating system has already been compromised. Physical wallets such as the Trezor and Ledger Nano S become obsolete the minute they come onto the market. All these tactics are illusory methods by corporations to make us think our accounts are safe when they do little to prevent hacks.
​
Picture
Sea creatures often resort to safety in numbers to protect themselves from predators. In a similar manner, internet, eCommerce and telecomm companies must work together to protect users from zero day vulnerabilities.

What we need is for all corporations, eCommerce, telecomm, internet service providers, email providers, search engines and online businesses to all work together to prevent zero day vulnerabilities. Google has added security features to their accounts, but that means nothing when the rest of the internet players do not have the same security features.
​

What we need is to either push for legislation to keep cloud computing secure as part of protected infrastructure or we need all internet and telecomm companies to step up and work with all the other players to keep our information safe from zero day vulnerabilities. One company alone, cannot protect all our information and devices in the cloud.


​By Sierra Choi
0 Comments



Leave a Reply.

    CONTRIBUTORS


    JOHN ROWLAND, Managing Partner, Whitelake Group

    SIERRA CHOI,
    Adviser, Whitelake Group


    ASHOK PAREKH,
    Director of Investment Services,

    Whitelake Group


    Archives

    June 2022
    March 2022
    December 2021
    October 2021
    September 2021
    May 2021
    April 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    April 2020
    March 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    May 2019
    April 2019
    March 2019
    February 2019
    December 2018
    November 2018
    October 2018
    September 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015

    Categories

    All

    RSS Feed

Proudly powered by Weebly
  • Home
  • Blog
  • About
  • Contact