SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

What Happens When “The Cloud” Goes Bad

Posted on March 30, 2017
  • How iCloud works
  • Apple Music
  • Your cloud security
  • Bigger issues
  • Lessons learnt

Over the past few years, “the Cloud” has gone from being a brand-new buzzword to a phrase that exists in everyone’s vocabulary. Mac users are very familiar with services like iCloud and iCloud Drive, especially as Apple continues to put more of a focus on cloud-based services. However, has the widespread adoption of cloud storage and computing come too quickly?

As helpful as it can be, there are many examples of problems with cloud services which have resulted in severe disruption, both for individual users and for bigger businesses. What happens when “the Cloud” goes bad? That’s our topic for this edition of The Checklist. We’ll look at problems you might encounter when using iCloud, as well as some of the broader issues at play in the tech sector. So, what kind of things should you look out for, and what is important to know?

How iCloud works. You may have heard iCloud Drive likened to another popular cloud storage service: Dropbox. It is a basic cloud storage service. Apple advertises iCloud Drive as a way to easily share files, folders, and more between your Macs and even iOS devices. In theory, this should make it simple to unify your Apple experience under one banner: Drag a file to your iCloud drive on your Mac, and very soon after you’ll also see it on your iPhone In practice, though, there are a few concerns — and sometimes, major problems — that are necessary to understand.

iCloud has had its fair share of problems with syncing user data correctly across multiple devices. Searching for iCloud syncing issues online reveals many users complaining about inexplicably losing information. Even today, working across multiple Macs and iOS devices can sometimes create issues where the wrong files get synced to your devices — or worse, they may be deleted altogether. Anyone who has worked with Dropbox or other cloud storage services knows that it’s almost impossible to understand exactly when folders will sync. If you make too many changes too quickly, syncing could get confused, out of sync, and your cloud drive suddenly becomes quite a mess!

iOS users understand these frustrations well, too. iCloud has a notorious reputation for overwriting contact files or syncing blank contacts from a Mac to an iPhone, or vice versa. For those who do not have a backup copy available, the consequences could range from a simple frustration to a major problem

Compounding this problem is macOS’s “Optimize Storage” feature. The actual intent and design of this feature is to enable efficient use of solid-state hard drives, which often have smaller storage capacities than traditional spinning hard-drives. Your Mac will upload older files to iCloud Drive and leave behind a what’s called a ‘stub-file’ that tells the system to re-download the full-sized files when you want to use them. While not a bad idea, in theory, it does have the usual cloud-related drawbacks, like requiring an Internet connection in order to restore your data and files. However, it can cause data loss, too.

Tech writer Ben Lovejoy has written extensively about his problematic experiences with iCloud Drive and the “optimize storage” feature. The concern is the confusing way in which Optimize Storage works — some users report that the feature is enabled by default. That’s the experience Lovejoy had; after an update, his MacBook Air activated the feature and connected to iCloud Drive — which was also archiving files from a much larger hard drive on a home Mac. The machine then synced his desktop files to the MacBook until its hard drive was full. His efforts to resolve the problem resulted in the loss of all the local files on the machine; once a user turns off the drive feature, it deletes the data.

The problem became so severe that Lovejoy’s MacBook was a virtually unusable brick; the only solution was to restore the entire machine from a Time Machine backup. This scenario highlights a major problem with some cloud storage services right now: though they can offer incredible convenience, they require very careful setup. Even then, losing data is a real possibility — and you can’t always rely on the cloud to restore that information when it caused the problem! Keeping separate backups, as always, is a very good idea.

Apple Music. Let’s move on now to issues surrounding the cloud and music. It’s not just for storing documents, pictures, and other regular data; Apple is also pushing forward with its cloud-based Apple Music service. In one sense, you could view it as the logical conclusion of the philosophy originally behind the iPod: the desire to take your music anywhere. With all your favorite tunes stored in the cloud, Apple wants to make your music available to you anywhere.

Of course, as we’ve mentioned, that means anywhere with an Internet connection. Many users still prefer local storage due to its instant availability. If you hop on a plane or travel abroad, you might not have access to the Internet on your phone, leaving you totally without your music. As frustrating as that is, though, Apple Music has had its fair share of “accidental” deletions as well.

Perhaps the highest profile incident concerns Jim Dalrymple, a journalist who wrote a widely-shared article about his Apple Music mishaps. Based on metadata, the software was mistakenly identifying songs as duplicates or just not adding tracks at all. A very carefully curated collection of music quickly became a mess. Worse still, when Dalrymple simply turned the Apple Music service off, he lost access to nearly five thousand songs, including many he’d purchased from iTunes.

Bad metadata matches and other issues were responsible for many problems early in Apple Music’s lifespan. Since then, Apple rolled out iTunes Match, which verifies the audio fingerprint of a track to determine its identity. While this cuts down on problems, it doesn’t eliminate the overall drawbacks to the service. It’s worth weighing the pros and cons of whether cloud-based music storage is right for you.

Your cloud security. Security issues are at play with services like iCloud also! First is the simple fact that you’re sending your data to a server connected to the Internet somewhere. If iCloud Drive automatically uploads your files to a server, that means potentially very sensitive information is now sitting in the cloud. Yes, Apple stores your information securely and makes every effort to keep hackers from accessing it. To date, there’s no public evidence that attackers have ever compromised and stolen data from Apple’s iCloud or iCloud Drive servers. The celebrity pictures “hack” that made headlines in 2014 was not actually a result of “hacking” iCloud so much as gaining access to individuals’ accounts through a phishing campaign.

A flawless track record now doesn’t guarantee a flawless track record in the future, especially as the service grows. Therefore, it’s always worth considering potential future risks. As handy as the cloud is, you shouldn’t ever rely on it 100% for data storage. Problems could arise whether you’re away from a high-speed Internet connection or Apple suffers a breach.

A second security concern sits closer to home. Consider that Apple may not be the weak link in this equation — instead it could be you. Take the case of another tech journalist, Mat Honan of Wired. Through a combination of simple Internet recon and social engineering, attackers gained access to many of his accounts, including his iCloud and Dropbox accounts.

They used publicly available information and password recovery forms to find relevant information, like email addresses. Using this information, they then posed as Honan while calling Apple and requesting a password reset. They used their access to delete his data and remotely wipe his Mac. This isn’t just a lesson in why you should use two-factor authentication for critical data; it’s also a warning about the cloud. If an attacker can gain access to the right service, he could wield tremendous power over your digital life. If you do plan to use cloud storage services, observing rigorous security procedures is a must!

Bigger issues. Outside of the Apple ecosystem, cloud systems power more things behind the scenes than you might expect. Distributed web hosting, run on giant networks of interconnected servers, now powers large swathes of the Internet. Microsoft and Google run their own services, while retail giant Amazon is one of the biggest providers through its Amazon Web Services, or AWS. Its S3 (Simple Storage Solution) service forms a foundation for many major websites and apps around the world.

You may have heard about AWS in the news recently because it experienced one of its first major outages in some time. During routine maintenance, an engineer mistyped a command that took many servers offline at once; as a result, the sites relying on those servers went dark immediately. It wasn’t until the servers finished rebooting that service returned. While generally very reliable, this incident, as well as a high-profile DDoS event, showcased the potential vulnerabilities of hosting sites in the cloud. Though the DDoS was merely disruptive and caused slow service, similar attacks have temporarily brought down other cloud-based services, disrupting the ability to conduct business, send email, and process sales transactions.

Lessons learnt. So, what are the lessons we can learn about the cloud’s overall role? It’s clear that there are some definite drawbacks. Whether it’s accidentally losing music that was hard to find or encountering a syncing error that wipes out your contacts, these are major frustrations. The more you rely on the cloud, the riskier it becomes, too — as we’ve seen, it’s easy for a mistake or a compromised account to lead to damaging losses of data. Clearly the cloud is still a developing ecosystem.

At the same time, the convenience they offer is undeniable. In a world full of Wi-Fi, it’s almost essential for those in business and “on the go” to use cloud services. Having the ability to keep files available and up to date is crucial for a mobile-focused world. What level of involvement is right for you is a matter of personal choice, but you should understand what’s at play before making a commitment to the cloud.

It’s clear that the cloud is here to stay. How quickly its reliability improves will be a key to its long-term success, though. It can offer many benefits — but we think it’s important for you to be aware of the risks as well. If you do plan to use cloud-based services heavily, don’t forget the importance of an offline backup. By keeping your data safe and regularly updated, you can avoid many of the common problems people experience.

If you’d like more information on this topic, or if there’s a specific one you’d like to see us cover on a future episode, send us an e-mail at checklist@securemac.com!

Join our mailing list for the latest security news and deals