McAfee: cloud storage could help spread viruses

Security firm warns against cross-device infection and accidental snooping

Shona Ghosh
16 May 2013

The move to cloud storage for photos and other files could help viruses spread between devices, McAfee has warned.

Consumers uploading files to storage services such as Apple’s iCloud or Dropbox using one device, then downloading them to another is leading to a greater risk of "cross-device infection", the firm said.

"The attack surface has increased," said EMEA CTO Raj Samini. "You get cross-device threats. What if you have an infected file transferred from your iPhone to iCloud, which then finds its way onto your PC? A threat can traverse multiple devices."

For example, Samini noted an instance last year of Windows malware being embedded in an iOS app. Although the iOS device wouldn't be affected, plugging it into a Windows PC and transferring the file would infect the machine. The risk of the virus spreading would actually have been relatively low, but Samini insisted that more examples would emerge as cloud services become more popular.

"There’s not a lot of [examples], but as we see the advent of the cloud and synchronisation of these devices, it’ll become a very real issue," he said.

BYOD snooping

The problem is extended by consumers using the same PCs or phones for work as they do at home. The firm said the trend towards "bring your own device" (BYOD) raised questions over the privacy of user information.

"We worked with a Swiss bank that started giving employees €800 to buy their own PCs, so now you see companies not owning PCs any more," said EMEA president Gert-Jan Schenk. "I use storage like iCloud for my personal data and I might use for my business data. If I’ve got all my personal things on my computer, and my company’s also backing up that PC, then clearly, I don’t want my company to look at my private materials."

Having access to workers’ files could prove to be a legal headache for businesses, as they might be liable for any illicit material stored.

"If people have documents of a racist nature or child pornography, it’s the worst thing to store that as a company," said Schenk.

In the US, regulators already require cloud storage companies to scan users’ files to signs of child pornography. Schenk pointed out that similar laws would be difficult to implement in the EU, where countries such as Germany have strict rules over what businesses can or can’t do with user data.

Read more about: