A security analyst has warned that by 2017, mobile attacks could be commonplace as consumers store more and more sensitive data on their mobile devices. It is through these devices that access to cloud storage can be opened, giving hackers free reign on files such as those leaked this week in the iCloud celebrity hacking issue.
Dionisio Zumerle, an expert on mobile security at Gartner, also told CBR that although no specific details of the iCloud hack have yet been released, it is more than likely a phishing or social engineering attack that led to the breach of personal privacy of a number of high-profile female celebrities.
Zumerle said: "We don’t have any data or facts about the specific hack yet, but my feeling is that, from what I have seen, is that it is really a targeted attack, using phishing or social engineering."
Zumerle also noted that iCloud is not all to blame of the breach. He argues that as a service, users should be free to choose their level of security, saying that two-step verification of iCloud should not be compulsory as it would be a hinderence to many users in the enterprise.
Instead, Zumerle said that there needs to be a higher level of education in the workspace about cloud security.
"iCloud is a service that has to let users have the freedom to choose their own securityllevel. For some in the enterprise, two-factor verification would get in the way.
"Companies need to explain how you can be safe and explain the benefits of security. In the enterprise context, there needs to be training.
Content from our partners
"Education will be helpful, and it is the enterprise’s role to train its employees."
When asked about the repercussions Apple could face following the leak, Zumerle said that the firm will not face too much scrutiny.
He said: "There is no android vs iOS story here. Systems we use to authenticate are vulnerable to social engineering, they always have been. It’s more about following best practices."
But he warned that more attacks will be coming.
"More advanced mobile attacks will be coming. By 2017, we will start seeing these advanced attacks, in fact we are starting to see them now.
"As people start to have siginificant data on their devices, that’s where the attacks will be."
