{"id":430856,"date":"2022-04-12T21:08:27","date_gmt":"2022-04-12T18:08:27","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/dont-assume-your-user-data-in-the-cloud-is-safe\/"},"modified":"2022-04-12T21:08:27","modified_gmt":"2022-04-12T18:08:27","slug":"dont-assume-your-user-data-in-the-cloud-is-safe","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/dont-assume-your-user-data-in-the-cloud-is-safe\/","title":{"rendered":"#Don\u2019t assume your user data in the cloud is safe"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CDont_assume_your_user_data_in_the_cloud_is_safe%E2%80%9D\"><\/span>&#8220;Don\u2019t assume your user data in the cloud is safe&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n                            <em>The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/us\/topics\/research-brief-83231\">Research Brief<\/a> is a short take about interesting academic work.<\/em><\/p>\n<h2><span class=\"ez-toc-section\" id=\"The_big_idea\"><\/span>The big idea<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Organizations\u2019 failure to properly manage the servers they lease from cloud service providers can allow attackers to 
receive private data, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ieee-security.org\/TC\/SP2022\/program-papers.html\">research<\/a> my colleagues and I <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/arxiv.org\/abs\/2204.05122\">conducted<\/a> has shown.<\/p>\n<p>Cloud computing allows businesses to lease servers the same way they lease office space. It\u2019s easier for companies to build and maintain mobile apps and websites when they don\u2019t have to worry about owning and managing servers. But this way of hosting services raises security concerns.<\/p>\n<p>Each cloud server has a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/us.norton.com\/internetsecurity-privacy-what-does-an-ip-address-tell-you.html\">unique IP address<\/a> that allows users to connect and send data. After an organization no longer needs this address, it is given to another customer of the service provider, perhaps one with malicious intent. IP addresses change hands as often as every 30 minutes as organizations change the services they use.<\/p>\n<p>When organizations stop using a cloud server but fail to remove references to the IP address from their systems, users can continue to send data to this address, thinking they are talking to the original service. Because they trust the service that previously used the address, user devices automatically send sensitive information such as GPS location, financial data and browsing history.<\/p>\n<p>An attacker can take advantage of this by \u201csquatting\u201d on the cloud: claiming IP addresses to try to receive traffic intended for other organizations. 
The rapid turnover of IP addresses leaves little time to identify and correct the issue before attackers start receiving data. Once the attacker controls the address, they can continue to receive data until the organization discovers and corrects the issue.<\/p>\n<figure>\n<figcaption><span class=\"caption\">Poorly managed cloud services are another opportunity for attackers to steal data. Video by Penn State.<\/span><\/figcaption><\/figure>\n<p>Our study of a small fraction of cloud IP addresses found thousands of businesses that were potentially leaking user data, including data from mobile apps and advertising trackers. These apps initially intended to share personal data with businesses and advertisers, but instead leaked data to whoever controlled the IP address. Anyone with a cloud account could collect the same data from vulnerable organizations.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Why_it_matters\"><\/span>Why it matters<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Smartphone users share personal data with businesses through the apps they install. In <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.usenix.org\/conference\/soups2018\/presentation\/votipka\">a recent survey<\/a>, researchers found that half of smartphone users were comfortable sharing their locations through smartphone apps. 
But the personal information users share through these apps could be used to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/mayer\">steal their identity<\/a> or <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.usenix.org\/conference\/woot18\/presentation\/smith\">hurt their reputation<\/a>.<\/p>\n<p>Personal data has seen <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.nytimes.com\/2018\/05\/24\/technology\/europe-gdpr-privacy.html\">increasing regulation<\/a> in <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.nytimes.com\/2019\/12\/29\/technology\/california-privacy-law.html\">recent years<\/a>, and users may be content to trust the businesses they interact with to follow those regulations and respect their privacy. But these regulations may not sufficiently protect users. Our research shows that even when companies intend to use data responsibly, poor security practices can leave that data up for grabs.<\/p>\n<p>Users should know that when they share their private or personal data with companies, they are also exposed to the security practices of those companies. They can take steps to reduce this exposure by reducing how much data they share and with how many organizations they share it.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_other_research_is_being_done_in_this_field\"><\/span>What other research is being done in this field<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Academics and industry are focusing on responsible collection of user data. 
A <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/blog.google\/products\/android\/introducing-privacy-sandbox-android\/\">recent push by Google<\/a> aims to reduce collection of users\u2019 personal data by mobile advertisements, ensuring that their security and privacy is protected.<\/p>\n<p>At the same time, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/research.samsung.com\/blog\/Automatically-Explaining-the-Privacy-Practices-in-Mobile-Apps\">researchers are working<\/a> to better explain what applications do with the data they collect. This work aims to ensure that the data users share with applications is used how they expect by matching permission prompts with how the apps actually behave.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Whats_next\"><\/span>What\u2019s next<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>We\u2019re conducting research into new technologies on smartphones and devices to ensure they protect user data. For instance, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/petsymposium.org\/2022\/files\/papers\/issue2\/popets-2022-0034.pdf\">research led by a colleague of mine<\/a> describes an approach to protect personal data collected by smart cameras. Our vantage point on traffic in the public cloud is also enabling new studies of the internet as a whole. We are continuing to work with cloud providers to ensure that user data stored on the cloud is secure, and are introducing techniques to prevent businesses and their customers from being victimized on the cloud.<\/p>\n<p><em>This article by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/profiles\/eric-pauley-1324365\">Eric Pauley<\/a>, PhD student in Computer Science and Engineering, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/institutions\/penn-state-1258\">Penn State<\/a>, is republished from <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\">The Conversation<\/a> under a Creative Commons license. 
Read the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/mismanaged-cloud-services-put-user-data-at-risk-180289\">original article<\/a>.<\/em>\n                        <\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/dont-assume-your-user-data-in-the-cloud-is-safe\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Don\u2019t assume your user data in the cloud is safe&#8221; The Research Brief is a short take about interesting academic work. The big idea Organizations\u2019 failure to properly manage the servers they lease from cloud service providers can allow attackers to receive private data, research my colleagues and I conducted has shown. 
Cloud computing allows&#8230;<\/p>\n","protected":false},"author":1,"featured_media":430857,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/04\/shutterstock_1141257410-Cloud-services.jpg&signature=6469c37d1d3320494732a1b277aa50b2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-430856","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/430856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=430856"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/430856\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/430857"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=430856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=430856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=430856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}