Windows, Mac OS may leave backdoors open with cloud storage security

We love cloud services like Box, Dropbox, iCloud, and Skydrive, but the latter two are integrated directly into operating systems, and according to at least one expert at Kaspersky Lab, that’s not cool, with this feature providing a security risk for consumers.

According to Wayne Kirby at internet security group Kaspersky Lab, Skydrive could pose a serious risk to consumer security thanks to the unknown actual physical locations for where files stored on the Skydrive are.

“There is always a risk associated with storing personal information in the cloud,” said Kriby, Kaspersky’s Product Specialist for the Australia and New Zealand region. “The main reason being, unlike an external hard drive that sits in your living room, you don’t know where your data is actually sitting – it could be anywhere in the world and could potentially be accessed by anyone if adequate security measures aren’t put in place.”

With Skydrive, Windows 8 is one of the few operating systems to come preinstalled with a shortcut to an online storage system, meaning that any file saved to your Skydrive folder are uploaded to your Skydrive account, sharable on any other device that supports a Skydrive app or website, including a phone, tablet, or full-size computer.

Previous versions of Windows support online storage services including Skydrive and Dropbox, but you had to install them yourself.

“Of course, consumers also have access to cloud storage on Windows 7 and other operating systems,” continued Kirby, “however Windows 8 is quite different in that SkyDrive is built directly into the operating system, inadvertently increasing hackers’ ability to access your personal files.”

But Windows isn’t the only operating system that has this pitfall, with Mac OS having a similar flaw, thanks to the iCloud drive now being included as part of Apple’s operating system.

“[iCloud] can be as equally vulnerable as Windows Skydrive due to the availability and accessibility to iCloud,” Kirby added.

“As with Skydrive, iCloud is embedded into the Mac OSX. The username and password are installed and readily available for use, with many users not entering their password details on a regular basis.

“iCloud can also be accessed on a Windows computer by the use of an application. In short, the requirement for not needing to consistently enter user credentials opens up the vulnerability, it’s like leaving your key in the door when you go out.”

Ultimately, operating system security is never fool proof, but a form of internet security software can always help, and even if personal files are found, this can at least help minimise risk for intruders taking over your system. These sorts of issues can affect any operating system, so if you don’t have some form of internet security, it’s time to get with the times.