A recent hack carried out on a journalist resulted in him losing his entire ‘digital life’, thanks to flaws in both Apple and Amazon public cloud services. Whilst Mat Hanon, the victim of the attack, admitted his mistake of linking many of his accounts together, he also said: “what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s”. “Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.”
“The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.”
Mr Hanon first noticed a problem when his iPhone turned itself off and he couldn’t access any of his data, then the same happened to his iPad, MacBook Air and he also lost control of both his Gmail and Twitter accounts.
His Gmail account was later deleted and after a one and a half hour conversation with Apple support, he eventually got to the root of the problem. Hanon said that he has since heard from other users who have experienced the same problem and reasons that, for public cloud, different security measures are necessary to ensure that hackers can’t use similar tactics that they have in the past.
By this he means measures that counter attacks known as ‘brute force’ and social engineering tactics, which were employed by the hacker to persuade Apple to hand over control of his iCloud account and essentially all of his devices.
Whilst this is more of a concern on a consumer basis, it does illustrate a good lesson learned in back up and the choice of cloud service providers, some of whom may not carry out good security practices.
Whilst Amazon has been criticised in the past over the security of its public cloud service, Apple are more renowned for being the most secure OS on the market. However, not only has this been disproven lately by a botnet that targeted Mac users, but also by this incidence of customer support gone wrong.
From an enterprise point of view, this could represent a serious problem for those who run BYOD schemes. Whilst we have covered the potential issues surrounding such schemes before, this is a very good illustration of what could happen to an organisation’s data if they don’t have sound BYOD policies in place.
The hacker was not only able to take control of email and Twitter accounts, he also had full control of all of Mr Hanon’s Apple devices and were able to impose four-digit lock codes on each device before wiping all of the data. Of course, this also means that they had access to all of this data.
Apple responded to the incident saying that: “In this particular case, the consumer data were committed by a person who had access to this personal information. In addition, we discovered that our policy not was duly fulfilled. We are reviewing all our processes to reset passwords to ensure that our customer’s data is safe.”
However, the only information the hacker had was the last four digits of a credit card, hardly the full information necessary for security, surely. In fact, the hacker, calling himself 'Phobia' later told Mr Hanon that it's a simple matter to access any Apple email address and then progress from there.
Any business thinking of using cloud services such as virtual hosted desktops for example then, should be absolutely positive that they have a strong BYOD policy in place that addresses issues such as this. Not only should employees be made aware of the dangers of linked accounts, but also ensure that they have layers of protection set up to guard against this kind of problem.
This should be worked into any plan when it comes to deployment within the cloud, which once again flags up the importance of having a sound strategy in place when it comes to moving to the cloud.
It’s important therefore, to liaise with your GoCloud hosted desktop reseller if you’re a client as we provide them with full training to ensure that not only you gain the best solution for your company, but also ensure that your business benefits from great support and training, as well as having the correct privacy and security policies in place.
Cloud vs. Traditional
Discover how hosted solutions are powering a rapid UK-wide adoption of remote working.
Sign up today as a GoCloud reseller and benefit from a FREE hosted desktop with every 5 hosted desktops you sell or purchase for your own business.
Free hosted desktops are for internal use within your company and are a great way to demonstrate the power of a cloud desktop solution to your clients!
Your free reseller environment includes these 4 Virtual Machines running your own RDS environment:
1 Active Directory Server: store user files, profiles & shared drives
1 Dedicated Firewall: with dedicated IP address and VLAN
1 Remote Desktop Login Gateway: for user login & verification
1 Remote Desktop Server Host: the home of each user’s desktop
Reseller Hosted Desktops will only be provisioned upon request.
Reseller Hosted Desktops cannot be obtained in conjunction with any other offer including discounts.
Only Client Hosted Desktops purchased on or after 12 February 2020 are eligible for this offer.
In addition to the free Reseller Hosted Desktops, additional Reseller Hosted Desktops and resources can be purchased.
The Partner must maintain a ratio of at least 5 purchased Client Hosted Desktops to 1 Reseller Hosted Desktop, so for example if you purchase 10 Client Hosted Desktops, you will have 2 additional free Reseller Hosted Desktops. If the client downsizes to 5 desktops, you will either need to relinquish 1 free Reseller Hosted Desktop, or pay for 1 of your 2 Reseller Hosted Desktops.
The Reseller Hosted Desktop is for use by the Partner only and cannot be resold or hired out for use by third parties.
Partners must have a portfolio of at least 10 Client Hosted Desktops within 12 months to maintain the free subscription.
The minimum 5 User environment is not enforced on Reseller Hosted Desktop environments.
We reserve the right to change these terms at any time.