How secure is Apple’s iCloud?

“How secure is iCloud?” Christopher Breen reports for Macworld. “It would be worth your while to read Apple’s iCloud: iCloud security and privacy overview document. As its name hints, it spells out how your data is encrypted—both when it’s transmitted between your computer and Apple’s servers and when it’s stored on those servers.”

“The gist is that Apple uses a minimum of 128-bit AES encryption. This is the encryption standard used by banks and other financial institutions,” Breen reports. “As I write this, there is no practical way to crack AES-128 encryption—unless, of course, the NSA has found a way to introduce a weakness that allows it to get around it. But unless you’re an International Man of Mystery, I seriously doubt any government is interested in your private affairs.”

Read more in the full article here.

MacDailyNews Take: Oh, to be so trusting.

Unfortunately, there’s stuff like this that’s difficult to ignore and all too easy to extrapolate.

United States Constitution, Amendment IV:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. – Benjamin Franklin, Historical Review of Pennsylvania, 1759

Join The Electronic Frontier Foundation in calling for a full congressional investigation here.

Related articles:
NSA spying risks $35 billion in U.S. technology sales – November 27, 2013
Apple iPhones phased out of German government in favor of encrypted phones to block U.S. NSA spying – November 22, 2013
U.S. NSA secretly infiltrated Yahoo, Google data centers worldwide, Snowden documents say – October 30, 2013
Obama administration decides NSA spying is ‘essential,’ but oversight of NSA is not – October 8, 2013
Apple’s iPhone 5s with Touch ID seen as protection against U.S. NSA – September 16, 2013
German government: Windows 8 contains U.S. NSA snooping back doors; too dangerous to use – August 23, 2013
Report: NSA can see 75% of U.S. Web traffic, can snare emails – August 21, 2013
NSA can read email, online chats, track Web browsing without warrant, documents leaked by Edward Snowden show – July 31, 2013
Momentum builds against U.S. government surveillance – July 29, 2013
U.S. House rejects effort to curb NSA surveillance powers, 205-217 – July 24, 2013
Obama administration scrambles to shut down imminent U.S. House vote to defund NSA spying – July 24, 2013
Obama administration demands master encryption keys from firms in order to conduct electronic surveillance against Internet users – July 24, 2013
Apple, Google, dozens of others push Obama administration to disclose U.S. surveillance requests – July 19, 2013
Secret court agrees to allow Yahoo to reveal its fight against U.S. government PRISM requests – July 16, 2013
How Microsoft handed U.S. NSA, FBI, CIA access to users’ encrypted video, audio, and text communications – July 11, 2013
DuckDuckGo search engine surges 33% in wake of PRISM scandal – June 20, 2013
Yahoo: Since December 2012, we have received up to 13,000 U.S. gov’t requests for customer data – June 18, 2013
Apple: Since December 2012, we have received U.S. gov’t requests for customer data for up to 10,000 accounts – June 17, 2013
Nine companies, including Apple, tied to PRISM, Obama to be smacked with class-action lawsuit – June 12, 2013
U.S. lawmakers urge review of ‘Prism’ domestic spying, Patriot Act – June 10, 2013
PRISM: Do Apple, Google, Facebook have an ethical obligation not to spy on users? – June 8, 2013
Plausible deniability: The strange and unbelievable similarities in the Apple, Google, and Facebook PRISM denials – June 7, 2013
Google’s Larry Page on government eavesdropping: ‘We had not heard of a program called PRISM until yesterday’ – June 7, 2013
Seecrypt app lets iPhone, Android users keep voice calls, text messages away from carriers, government eyes and ears – June 7, 2013
Obama administration defends PRISM data-collection as legal anti-terrorism tool – June 7, 2013
Facebook, Google, Yahoo join Apple in sort-of denying PRISM involvement – June 7, 2013
Report: Intelligence program gives U.S. government direct access to customer data on Apple servers; Apple denies – June 6, 2013

19 Comments

        1. Any suggestions on what to update? Is it just vocabulary or are there principles that you think need to be added?

          Patrick Henry along with others wanted 20 items in the original BoR. We only got 10. BoR reads like it’s the government that is always our enemy. Something to remember next time our legislatures consider a bill they do not read.

          1. “All political power comes from the barrel of a gun. The communist party must command all the guns, that way, no guns can ever be used to command the party.”
            – Mao Tse Tung

            “The measures adopted to restore public order are: First of all, the elimination of the so-called subversive elements …. They were elements of disorder and subversion. On the morrow of each conflict I gave the categorical order to confiscate the largest possible number of weapons of every sort and kind. This confiscation, which continues with the utmost energy, has given satisfactory results.”
            – Benito Mussolini

            “The most foolish mistake we could possibly make would be to allow the subject races to possess arms. History shows that all conquerors who have allowed their subject races to carry arms have prepared their own downfall by so doing. Indeed, I would go so far as to say that the supply of arms to the underdogs is a sine qua non for the overthrow of any sovereignty.”
            – Adolf Hitler

  1. From what I understand they get away with it by saying that though they are collecting EVERYTHING they don’t actually look at it for a specific person unless they have cause. … Of course there are stories of NSA folks checking up on ex-girlfriends and other nefarious allegations of the same sort. Pretty fishy if you ask me.

  2. 128-bit AES is completely out of favor with most cryptographic professionals (and 100% of those with whom I deal).

    Even the U.S. Government has issued a mandate that all unclassified, but secure communications be done at 256-bit AES and upgrade to SHA-256 from SHA-1. I had to upgrade all my digital certificates and signatures over the past couple months because of this mandate.

    Apple needs to bring their minimum to this level.

    1. For those who live in the ‘shadows’ even 1024 bit AES isn’t enough. These creeps are not deserving of trust and don’t show trust in their fellow man. My advise for them: “Stop doing things that you might be ashamed of and live free.”

  3. When you see a pimply faced kid eating a Twinkie while driving a brand new Bugatti with the vanity license plate “ICLD HKR”, that would be the moment to cancel all your credit cards and stop putting your data on iCloud. Apple, Carbonite, etc will never ever admit if they have a breach.

  4. Has any iCloud user even bothered to read the small print in the user agreement? It’s just Apple’s brand for datamining personal info. If Apple encrypts your data, you know damn well it can un-encrypt it too. Will they bother to notify you when this happens? Of course not!

  5. Actually, the illusion of security is probably the least of Apple’s iCloud problems. Just take a stroll through Apple’s support forums and you will see overflowing lists of questions asking why syncing between iOS and Mac through the iCloud didn’t work, works intermittently, or whatever. There are a dearth of answers. Most people suggest rebooting (i.e., doing the Mac equivalent of CTRL-ALT-DEL), but problems persist.

    Unlike most Apple software of years past, the iCloud DOES NOT “just work”. Apple services have repeatedly been limited, poor, or simply unusable, and all the work put into the latest iteration of .Mac/MobileMe/iCloud still hasn’t got it right.

    The reality is that if you want to sync your personal data between any two Apple devices, the iCloud is neither secure, nor reliable, nor particularly fast. Use of a cable, bluetooth, or local Wi-Fi with a direct connection between your iGadget and your Mac (the master archive) remains by far the best choices.

    Of course, this is not just an Apple problem. All cloud computing sucks. But just wait, we’re only at the beginning of the corporate push to keep everyone tethered and monitored 24/7. That’s not all. The consumer costs will be killer once Apple and other cloud pushers get the laziest consumers hooked on their subscription-based computing service drugs.

    Just because Apple tended to be user-focused in the past doesn’t mean that the company remains so now. Hell, look how Jony and his design team ignored early and frequent criticisms of the font in iOS7. Though promising more powerful text management under the hood, many users find that iOS7 represents one of the least attractive and least legible OSes on the planet today — and no, the minimal controls that Apple offers to resolve the issue are anywhere near adequate.

    No, Apple seems not to be listening to users nearly as much as in the past. It is more interested in its competitions with scum like Facebook and Google than it cares about user experience, software reliability, service integrity, etc. User choices continue to be narrowed, user customization of Apple hardware continues to be restricted, interfaced and features that longtime Apple users enjoyed are inexplicably destroyed, etc. Of course Apple isn’t going to give consumers the option of 256 bit encryption, even if experts recommend it or users ask for it. Apple more than ever is a take-it-or-leave-it company.

    Perhaps this is why AAPL stock is flat for the year, and why Apple continues to struggle to make inroads in new markets outside its core luxury fashion-first consumers. Apple has largely abandoned small business and enterprise customers — you want to run a solid integrated computing system for your business with integrated stuff like inventory management, CRM, accounting, POS, and other common functionality? Good luck. Apple doesn’t compete there, it doesn’t work well with software companies that do work there. You’d think that Apple’s iCloud might be the perfect way to expand Apple sales to business customers. Nope. The iCloud offers no value to them. Businesses that are buying iPads by the truckload are developing their own custom apps for the devices. They all know iCloud is a disaster for mission-critical operations. They have seen over and over that Apple refuses to step up to the reliability and support that businesses require. Without that valuable experience, the increasingly consumer-focused Apple will continue to offer no better than consumer-grade services. Backup your data somewhere else, folks.

  6. You americans are happy with your constitution and amendment 4 should protect your privacy. But what about us Europeans (and other people outside US)? Where are our rights when using these services? Should we start boycotting all american services? When the US companies are not listening to customers (bar Americans) maybe they listen money.

    1. The Constitution and the Fourth Amendment should be safeguarding our liberties and Rights, but we currently have an administration in power, a president, the ruling political party, and a good portion of the minority party holding the position that those principles are no longer valid in the twenty-first century and that they represent myopic vision unique to the eighteenth. The Rule-of-Law is law is rapidly being replaced by the whims of the rule of men, which is capricious and arbitrary.

      A Brilliant Prophecy From 93 Years Ago from H.L. Mencken (born 1880 – died 1956) who was a journalist, satirist, critic, and a Democrat. He wrote this editorial while working for the Baltimore Evening Sun, which appeared in the July 26, 1920 edition.

      “As democracy is perfected, the office of the President represents, more and more closely, the inner soul of the people. On some great and glorious day, the plain folks of the land will reach their heart’s desire at last and the White House will be occupied by a downright fool and complete narcissistic moron.”
      – – – H.L.Mencken, The Baltimore Evening Sun, July 26, 1920

      So it was written and so it has come to pass.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.