Apollo Cloud: Your Fortress Against Hacker Browser Attack
Recently it has been discovered that some vendor's cloud storage devices are vulnerable to attacks and can be compromised. Without going into details, this exploit involves an improperly set cookie and a CSRF (Cross-Site Request Forgery). This exploit is not new, and there are many avenues to browser based attacks. Some of the commonly used methods are...
- Hacks through Adobe Flash
- Powershell hacks
- CSFR attacks
- Drive-By Downloads
- Plugin and script enabled attacks
- Philshing attacks
- attacks though 3rd party web apps
All of these methods have one purpose, to run malicious code on a user's computer or device; moreover, all of these methods work through a user's browser. This is why it's important to keep one's browser updated, as the latest browser will block known exploits where possible.
Most IOT devices, storage devices and home routers today are managed through a web-based GUI. The GUI offers an easy to use interface to configure and control these devices. But this is also a weakness, as the GUI is accessed through a web browser and the browser can be used to compromise these devices using the attacks listed above or other attacks. Recently it has been shown that many home routers can be easily compromised and many users have received emails ransoming the files on the storage attached to their routers. If a cloud storage device is compromised, the same could happen.
Unlike most IOT devices, cloud storage and home routers, the Apollo Cloud is not managed through a web browser and none of the attacks listed above can be used to compromise it. In addition, communication between the Apollo app and the Apollo is encrypted. As a result, there is no way malicious code can compromise the Apollo.