iCloud Backups Not as Secure as iOS Devices to Make Restoring Data Easier

[tentales]

Lol storing a backup of a phone in a bank vault? Seriously?

unless you go to the bank every week then that backup seems a bit pointless to me. Am I missing something? Do people keep life critical things carried around with them on their mobile phone *and nowhere else*? (A backup of a full computer operating system is different, but the stuff stored on my phone at least is much more current...)

It may be funny to you, but I've heard that thieves love targeting iPhones, iPads, Macs etc. when they break into your home. Or it burns to the ground in a wildfire or blows away in a big windstorm.
I'd rather have a month-old archival backup offsite (bank, relative, friends or wherever) than none at all.

I'm suggesting hourly/daily backups on the drives close by and occasional, say monthly backups to your offsite location. My iPhone backups are NOT separate from my computer backups, since my iDevices sync with the Mac and then I TimeMachine + C.C.C. all the User data to 2 separate drives. One of these drives gets swapped once a month with the archival one.

If you want to go really fancy and have fast internet and high data caps, you could "near-line" your archival backups to a secondary or multiple locations.

 

[RedOrchestra]

I'm suggesting hourly/daily backups on the drives close by and occasional, say monthly backups to your offsite location.

Sorry but my wife and I are chuckling at all the back-up commentary - I have to say that we have nothing in our entire lives that would need all those iterations of back-up ... NOTHING.

 

[tentales]

Devil's advocate time-

Long story short - non techies have no clue the different types of backup or encryption they have available to them.

And that's why the techies here can inform some of the backup scenarios to the uninitiated. OSX asks you if you want FileVault 2 turned when you setup a new Mac since Yosemite.

 

[Gymgenius]

You could just back your crap on your home NAS, it would be a pain in the butt to keep track of since there is no third party whole device backup software on IOS, but doable I guess if you're really that paranoid.

Which the feds will seize and decrypt when they raid your house.

 

[tentales]

Sorry but my wife and I are chuckling at all the back-up commentary - I have to say that we have nothing in our entire lives that would need all those iterations of back-up ... NOTHING.

Then why bother commenting? You're not affected by any of this. Other creative people here have productive and original work they accomplish with their devices and would take a serious income hit if they lost it all. Maybe YOU have no pictures, movies, word docs, excel sheet, whatever stored on your Mac. If all you use a computer for is internet surfing & email, then sure, don't back up anything.

 

[RedOrchestra]

Then why bother commenting? You're not affected by any of this. Other creative people here have productive and original work they accomplish with their devices and would take a serious income hit if they lost it all. Maybe YOU have no pictures, movies, word docs, excel sheet, whatever stored on your Mac. If all you use a computer for is internet surfing & email, then sure, don't back up anything.

Got all that but none of it is that important to worry about every lasting hour of every lasting day . sounds like self-importance more than anything.

 

[Gymgenius]

Technically Apple could absolutely offer a cloud backup solution where even they couldn't access the data. For example, they could let the user pick a backup password (same as they already do for encrypted iTunes backup) and use it to encrypt the data before uploading to iCloud. Of course this means that users who forget the password couldn't restore their backup, which is why they should probably make this optional and give the user a proper warning. And, BTW, there are cloud services that use similar approaches to encrypt their users' data, e.g. Spideroak and the backup service Crashplan.

^^^^ This

If Apple care as much about their customer's pricacy as they say they do, the need only do this one simple thing.

 

[tentales]

Got all that but none of it is that important to worry about every lasting hour of every lasting day . sounds like self-importance more than anything.

I don't worry, TimeMachine & CCC do the backup schedule automagically. My effort involves rotating the drives once a month or every other month. You sound clueless.

 

[einsteinbqat]

Again, it makes the "encrypted backup" null and void if you don't have File Fault turned on.

How come?

 

[jonnysods]

I still do a local backup to itunes, I just feel better about it. Plus I don't want to pay for extra storage, dropbox gets my money!

Until they can put iTunes Match and iCloud under the same plan, then I'm down.

 

[gnasher729]

This is an Apple forum, we hate removable storage. Remember?

I use a smaller version as the world's smallest Time Capsule. Amazon sells a 128 GB card for about £35. Plug it in your MacBook, set up Time Machine, and you're safe in case your Mac crashes.

 

[ReneR]

so if you run an innovative IT business, better not backup to any cloud, ...

 

[gnasher729]

I'm saying a professional investigator, investigating a spree killing, wouldn't rule something out because it seems a bit irrational. That's what internet amateurs do when they want to defend a POV. People's behaviour, down to these little details, cannot be predicted.

A professional investigator would have stopped until they knew the consequences of their actions.

As it is, he f***ed up. If the reason is what you claimed, then he destroyed the FBI's ability to get data off the phone on a very, very remote possibility. So apparently he wasn't _that_ experienced, but an internet amateur. He could have gone to the nearest Apple Store, talked to the guy or girl at the Genius bar, and they would have told him.
[doublepost=1457017273][/doublepost]

so if you run an innovative IT business, better not backup to any cloud, ...

If it is any trade secrets that you store there, and Apple copied them, someone would go to jail.

 

[zhenya]

Thus, the whole flaw of the cloud is exposed.

I recommend that everyone turns off their iCloud backups on all devices and only uses iTunes to make encrypted backups. I don't believe that Apple will ever make iCloud secure, though I would love to be proved wrong.

I raised this issue a few days ago, and am pleased to see MacRumors highlighting the significance of the iCloud problem.

I think this is really bad advice for the general populous at large. iCloud backups are a lot simpler and a lot more reliable for the average user. And the average user is much more likely to be affected by their inability to access lost pictures, video, or other data than they are to suffer a life-changing event because the government got a look at the contents of their phone backups. Apple's method of securing iCloud backups was the right one. They were completely up front and transparent about how the backups were stored, and it is much more customer-friendly for them to be able to help out in a customer's time of need than to have to say, 'sorry, out of luck.'

I think the right thing to do is to make full encryption of iCloud backups an option but they need to make crystal-clear what the potential repercussions of that are.

 

[2010mini]

I'm saying a professional investigator, investigating a spree killing, wouldn't rule something out because it seems a bit irrational. That's what internet amateurs do when they want to defend a POV. People's behaviour, down to these little details, cannot be predicted.
[doublepost=1457005585][/doublepost]

Great. But you said the MDM on the killer's phone could track 'EVERYTHING' he did with it. Why do the FBI need Apple to open up the phone if this is the case?

That question my friend is why everyone in the tech field is suspicious. They have access to all the people he called or texted from that phone leading up to the attack. The cellular carrier can give them all the data relating to where this phone was by accessing the data from which towers it pinged. a lot of people think this is just a pretext to get a backdoor access from Apple that they have wanted for a while. Terrorism is a hot button topic that has made American freely give up civil liberties for "safety"

 

[Mascots]

Great read.

I'm sure there are other technical reasons for Apple's less secure approach to iCloud - one being the massive task of sorting and storing bulk encrypted data inside of a server setup and giving the ability to make iCloud backup data fast (to access). It can be done, but it is a task because it is not nearly as easy as plain-text data on a 500+ million scale.
I think there are other legal obligations that would fall on Apple, too, since they are the ones hosting whatever information is stored there. While I am not clear of all the legalities, I know it would be an additional web for Apple to step in along side its current battle.

 

[AbSoluTc]

How come?

Most users don't have File Vault turned on. If it's not on, the drive is not encrypted so anything stored on it can easily be accessed. Including an encrypted iTunes backup - not hard to break if you want to. Also, the user has the option of remembering their encrypted backup password in their keychain. If the drive is not encrypted, it's easy to pull the password from there.

 

[maflynn]

Mossberg suggests customers who don't want to upload data to Apple via an iCloud backup make local encrypted backups through iTunes using a Mac or PC, and he points out that other cloud storage services, like Dropbox, are no more secure.

This is what I do, but mostly because I found backing up to the cloud was excessively slow. I figure any sort of restore would be just as slow.

 

[Thunderhawks]

Sorry but my wife and I are chuckling at all the back-up commentary - I have to say that we have nothing in our entire lives that would need all those iterations of back-up ... NOTHING.

Triple LOL and same here. Especially as one gets older.

Once the kids (if there are) are out of the house, one needs next to nothing.
(not even a house)

For me, I can do with some clothes, all my Apple gear, plus a few subscriptions to electronic
services, internet availability, done.

Planning to start RV life asap.

That requires however not to want material possessions and getting rid of anything that requires storage. Very hard to do.

As for iCloud isn't safe: Duh and triple LOL.

 

[Fattytail]

Triple LOL and same here. Especially as one gets older.

Once the kids (if there are) are out of the house, one needs next to nothing.
(not even a house)

For me, I can do with some clothes, all my Apple gear, plus a few subscriptions to electronic
services, internet availability, done.

Planning to start RV life asap.

That requires however not to want material possessions and getting rid of anything that requires storage. Very hard to do.

As for iCloud isn't safe: Duh and triple LOL.

Sounds like a smart approach to me. The idea of being paranoid because of the remote possibility that the government can snoop into all of your irrelevant-for-any-purposes-beyond-your-own-life, just seems silly to me.

 

[JAQ]

The simplest way to explain the difference is that iCloud's security is intended to protect the user's data, and iOS security is intended to protect the user's device.

Your data is subject to search with a warrant, and Apple will comply with those. Your device – essentially an extension of your mind – is not subject to a search without your consent.

 

[nicho]

Then why bother commenting? You're not affected by any of this. Other creative people here have productive and original work they accomplish with their devices and would take a serious income hit if they lost it all. Maybe YOU have no pictures, movies, word docs, excel sheet, whatever stored on your Mac. If all you use a computer for is internet surfing & email, then sure, don't back up anything.

this is a story about icloud backup. which isn't available to macs. why bother commenting?

anybody keeps the sole copy of mission critical stuff on an ios device is 1) a fool and 2) probably not going to find a month old copy stored in a bank vault much use to them.

 

[aPple nErd]

Technically Apple could absolutely offer a cloud backup solution where even they couldn't access the data. For example, they could let the user pick a backup password (same as they already do for encrypted iTunes backup) and use it to encrypt the data before uploading to iCloud. Of course this means that users who forget the password couldn't restore their backup, which is why they should probably make this optional and give the user a proper warning. And, BTW, there are cloud services that use similar approaches to encrypt their users' data, e.g. Spideroak and the backup service Crashplan.

I'm not sure our good old friends at the FBI would agree with you

 

[BeefCake 15]

Devil's advocate time-

While telling people to turn off iCloud backups and only iTunes for backing up, there is still one big flaw here. Most people DO NOT have File Vault turned on. Which, renders this all null and void. Also, most users have no clue how to turn on the encryption feature for iTunes backup. You and I know exactly where it is but most users do not. Nor do they have the capacity to remember the password that it asks them to setup if the event they need to restore. I can't tell you how many times users forget their password. Once you forget it, you cannot get it back. On the flip side, you can choose to store it in your keychain. Again, it makes the "encrypted backup" null and void if you don't have File Fault turned on.

Long story short - non techies have no clue the different types of backup or encryption they have available to them.

1. Clarification, FileVault is important to turn on for local copy security not the backup data on an encrypted External HD. I do agree though with the importance of FileVault in general.
2. Not sure the complexity but iTunes backup has one box to tick if you want to encrypt your backup. It's very clear info on the button.
3. Remembering passwords is a reality of life for all human beings in one shape or form. In addition, FileVault requires you to have an offline key in case encryption PW is lost.

 

[einsteinbqat]

Most users don't have File Vault turned on. If it's not on, the drive is not encrypted so anything stored on it can easily be accessed. Including an encrypted iTunes backup - not hard to break if you want to. Also, the user has the option of remembering their encrypted backup password in their keychain. If the drive is not encrypted, it's easy to pull the password from there.

Oh, I see. Thanks.