All Posts, Editorials

The Unsecured Cloud: Your Digital Life In A Glass Box

Image Credit: Nicholas_T

If you haven’t read the horrifying details of Wired senior writer Mat Honan’s digital life being turned upside down, get to it. It’s a harrowing tale of what amounts to a home invasion and annihilation of his online identity, partly due to Honan’s own inconsistencies and shortcomings with his digital information, but mainly due to the failures of Amazon and Apple, who operate the two biggest credit card collections in the world.

there is no simple fix for the kinds of issues that brought about the hacking of Honan’s accounts.

As much as many have said this could have been prevented, or at least tempered the damage by not having all of his accounts interconnected, the truth is the majority of people operate in the same fashion. The worst part is, there is no simple fix for the kinds of issues that brought about the hacking of Honan’s accounts. The last four digits of your credit card will continue to be a verification method. Very few people remember their entire credit card number, and if they have multiple cards? Forget it.

And what happens when we fully integrate into the cloud? Two-step authentication is an option, but let’s be honest — there are a lot of people who are lazy and won’t do it unless they are forced — and for it to really work, it can’t just be Google, it has to be a complete shift in security preferences across the board.

The complete integration into the cloud will be the biggest test of privacy and security on the Internet to date. Hackers have always been at arm’s length for most of the Internet population. If you kept all of your information on your hard drive, it was a difficult task for a hacker to reach it. Your computer had to be on, had to be online, and some form of software needed to be used, whether it be a key logger, or a remote access tool. All you had to do was unplug your computer from the Internet, and for all intents and purposes, you were untouchable.

All you had to do was unplug from the Internet, and for all intents and purposes, you were untouchable.

The cloud is a different beast. The cloud is taking your digital information, from behind a steel door that could only be accessed when you were online, and moving it to a hanging glass box suspended above you at all times. Sure it may be built from the strongest glass ever constructed, but if there is a crack, one small crack, the whole thing will come crashing down on your head.

And that’s the huge, glaring problem with the cloud — you can’t disconnect from it. It’s always on, and always vulnerable with our current paltry security methods. Honan’s hacking was devastating, but luckily — even though they did serious damage — the people who hacked him were apparently in it only to get access to his Twitter account. Deleting his digital life was just another step to keep him from re-accessing his Twitter account. Everything that happened to Honan was in effect “collateral damage.” They weren’t there for money, or for access to his address book, which as a noted journalist, no doubt carries a few prominent names and numbers in it.

So what happens when the next group of idiots decide to go for the bigger fish through someone else? What happens when if hackers figure out how to build a backdoor into the cloud, which is entirely possible no matter what “security experts” tell you? If we built it, we can break in to it. If we are going to live in the cloud, we need to seriously reevaluate our security protocols, because unlike the past 30 years of the Internet, there is no plug to yank out.

All Posts, Editorials

Carrier IQ: What You Need to Know

Article first published as Carrier IQ: What You Need to Know on Technorati.

Let’s cut to the chase; Carrier IQ is a piece of software that may be tracking data on your smartphone. Key logging (tracking the keys that you press on your smartphone), reading your SMS, and tracking the personal data that you submit. These are some of the things that have been uncovered in a piece of software that is installed on over 141 million devices.

Carriers like Verizon, and companies like RIM and Nokia, have claimed that the software is not present on their devices, but these claims have been deemed false by those with knowledge of the software. RIM claims that the software is not ‘pre-installed’ on any of their devices, passing the blame to the carriers. In Nokia’s case, they claim that the software isn’t compatible, which has also been proven false. HTC claims that carriers make them install the software on their devices.

The capabilities of Carrier IQ was first brought up by security researcher Trevor Eckhart last month. Eckhart initially discovered the software on Android.  chpwn, a noted iPhone hacker, has uncovered the software on iOS, albeit slightly understated. Senator Al Franken has sent a letter to Carrier IQ, giving them a December 14th deadline to answer questions about how the service works, and gets data from users.

Speaking to The Verge, Carrier IQ says it will have an independent security company conduct independent investigations into whether the claims are true.

This story is long from finished. It will get bigger, as these things usually do, and more scathing details will be uncovered. And from the looks of it, this isn’t just one manufacturer, or one carrier; it’s everyone.