Imagining An Attack That Could Wipe Out Trust In The Cloud

In a previous post, I described how the public confidence in services that collect your private information is getting closer to crossing the creepy line, and that any security breaches that actually harm customers would likely be the final straw that break the camel’s back. I also mentioned that instead of Google, Facebook and others, I predict that the final straw will actually come from hackers intruding into our devices and accounts.

Here, I want to elaborate on the example that I have in mind. Before this however, I want to update the reader on a relatively new form of malware called Ransomware. Ransomware is holds your data hostage and importantly, instead of just causing you trouble, it blackmails you to send money. Also of great significance is that Ransomware creation can now be outsourced.

Ransomware works because victims are willing to pay money to get back their files. However, now that we often have more valuable data on our smartphones or in the Cloud than on our PCs, it is reasonable to assume that hackers are right now thinking of new ways to hold your private photos, your location data, or messages that you might want to keep secret as hostages.

For example, a recent Apple Ransom scam  asked for a $30-$50 ransom or otherwise they would do a factory reset. The author advises that you simply ignore this because you can easily recover with a backup. However, what if the scammer had threatened to publish all your photos, your emails, your location data, etc. on the web for all to see. Would you still ignore the scammer? Unlike the iCloud celebrity photo leak, this is something that could happen to any normal person, and this is what makes it so scary.

This is not about Apple vs. Google/Facebook or about any single company’s approach to privacy. If such attacks became widespread, it could cause people to be scared of storing anything in the cloud, despite whatever security measures each individual company took. Of course two-factor authentication will help, but not enough people use it yet.

Advanced two-factor authentication systems may mitigate the worries in the future. However, if such attacks strike now, I fear that the companies that depend on the cloud will have a hard time getting people to trust them once again. Given the potentially widespread consequences, I think this is definitely something to give due thought to.