An adversary who is able to obtain unauthorized access to, or misuse authorized access to, cloud backup services (e.g., Google's Android backup service or Apple's iCloud) could use that access to obtain sensitive data stored in device backups. For example, the Elcomsoft Phone Breaker product advertises the ability to retrieve iOS backup data from Apple's iCloud [1]. Elcomsoft also describes [2] obtaining WhatsApp communication histories from backups stored in iCloud.
ID | Mitigation | Description |
---|---|---|
M1011 | User Guidance | Encourage users to protect their account credentials and to enable available multi-factor authentication options. |
Google provides the ability for users to view their account activity. Apple iCloud also provides notifications to users of account activity.