How secure are Dropbox, OneDrive and Google Drive?

By Davey Winder on Jan 29, 2015 7:30AM

The ups & downs of the Google channel

Announcing Pipeline 2025 tickets, theme & initial speakers

Australian MSP Index launched

End of Support for Windows 10: A guide for Channel Partners

Ingram Micro Ushers in the Age of Ultra

Page 2 of 3 | Single page

How secure is iCloud?

Although Apple iCloud came under fire last year when hackers apparently stole photos of celebrities and published them online, this was less a case of iCloud being insecure and more a case of those celebs getting their AppleID passwords compromised through successful phishing attacks elsewhere.

In fact, Apple has a pretty good reputation when it comes to security across its devices, but how does that translate into cloud services?

Two-step verification is a must have for any security aware cloud user

Well, Apple says that data is encrypted both in transit (using SSL) and at rest on the server. Rather than using AES-256 bit encryption everywhere, however, it uses "a minimum of 128-bit AES" which is considerably less secure. The only thing that I can see where 256-bit is employed is for the iCloud keychain (used to store and transmit passwords and credit card data, also employing elliptic curve asymmetric cryptography and key wrapping which is good) so have to assume all other data is protected by weaker encryption which is not particularly encouraging.

The iCloud keychain encryption keys, however, are created on your own devices and Apple can't access them. Apple says it cannot access any of the core material that could be used to decrypt that key data and only trusted devices that you have approved can access your iCloud keychain.

Secure tokens are used for authentication when accessing iCloud from other Apple apps (such as Mail and Calendar) and there is optional two-step verification (which can be turned on at https://appleid.apple.com/account/home) via text message or device generated code for making changes to account information or signing into iCloud from a new device.

How secure is Google Drive?

Google has also fallen victim to the password compromise security scares that impact on so many services. Last year it was claimed that nearly 5 million Gmail accounts had been hacked when a database was dumped on a Russian security forum.

Because Google Drive uses the same Google account for login as Gmail, the danger was that everything was compromised as a result. It turned out, however, that the dump was of old phished passwords and at most 2% may have worked - but were all reset by Google anyway.

One account shall access them all - so securing your login is paramount

What this illustrates is how much of the security of a service such as Google Drive, which uses a single account to access multiple services, depends on the user protecting that login. Google now uses HTTPS on all of its services, which is to be applauded, and also implements 'internal measures' to look out for potential compromised account login activity.

In addition, Google offers two-step verification like the other services mentioned here. As for your data itself, this is encrypted in transit (to and from your device, and also between Google data centres) using SSL but only stored at rest using 128-bit AES like iCloud.

Next: How secure is OneDrive and the final verdict

Previous Page Next Page

1 2 3 Single page

Got a news tip for our journalists? Share it with us anonymously here.