If you get hacked, what account could be put in bigger trouble, Apple or Google? Well, several factors determine the outcome. According to Vladimir Katalov, CEO of Elcomsoft Ltd., a company that makes digital forensics software tools for customers like U.S. intelligence agencies says it is risky if your Google account is hacked. Last month, Katalov at a presentation at the Sector IT security conference in Toronto demonstrated as to how both the accounts have the capacity to provide access to large quantity of personal information, from contacts to photos to internet bookmarks. During a high-profile breach of celebrity Apple accounts last fall, naked and intimate images of actresses Mary Elizabeth Winstead and Jennifer Lawrence, along with swimsuit model Kate Upton and other celebrities were shared across the internet. Similar attacks also saw Russian President Vladimir Putin’s private emails being leaked and Russian Prime Minister Dmitry Medvedev’s Twitter account being hijacked. In all cases, Katalov said that someone managed to download the victim’s’ Apple backup by getting access to their Apple account information, which “basically… is everything that is stored on your iPhone” from saved network settings to call logs and text messages to your photos. Apple provides a fairly comprehensive list of the types of information available through your Apple account within the guidelines for law enforcement requests on its Government Information Requests website. Katalov says that more information is stored here than the typical Android phones.
‘You won’t even know about it’
And Apple doesn’t necessarily notify you if someone downloads your backup file: “You won’t even know about it.”
‘You won’t even know about it’Tips to reduce your risk
Shortly after the celebrity hacks, Apple started sending out alerts but stopped at some point, he added. However, the good news is that you can disable iCloud backups entirely, which will make it impossible for anyone to download, Katalov says. At the same time, the amount of information from your Google account from both desktop use and mobile devices is huge as well, which ranges from your photos to your browsing history and your profile for targeted ads to your chats in Google Hangouts. This does not mean that is very easy to find out exactly what or how much there is. By using Google’s Takeout service, you can get most of it says Katalov. Google’s Takeout service lets users to export and download all their data from most Google services. However, that’s not complete. If your account is logged into by someone either from a new device or location, Google basically sends notifications alerting you that someone may have your password. However, by using developer tools, it is possible for hackers to access some information in your account without detection, such as your location history and Hangouts conversations. But, it may be possible for hackers under some circumstances to get into your Google and Apple accounts without your password. Instead, they can use malware to steal a small file on your device called an authentication key that will allow them into your account until you change your password. Katalov said, in that case, when someone accesses your account, you will never get any notification. Katalov said that it is not difficult for someone to decrypt the data, as both Apple and Google encrypt your stored passwords and store the encryption keys with the data. However, Apple does have an extra encryption tied to the identity of your device, which is one additional level of security provided by Apple. “So even if you restore them from iCloud backup to new device, your passwords are not being restored because your hardware is different,” Katalov said. “So losing your Apple ID and password is much less risky even if the iCloud backups are there.”
Tips to reduce your risk
Katalov suggests that you can minimize the risk of your accounts getting compromised by follow back the steps below:
- Use a strong password and change it regularly. * Keep a watch on the notification emails about logins to your account. * Use two-factor authentication. In the end, Katalov warns that you can never expect your information to be entirely safe, even if you are careful. “Basically, you can forget about privacy if you’re using a smartphone or any device. If you’re using the cloud, that means the government has for sure access to that information with or without your knowledge,” he said. “If you’re using the internet,” Katalov said, “at least some of your information will be leaked somewhere.”