
Apple Support Gives Hacker Access to Blogger's iCloud

Source: via ZDNet

Apple apparently gave a perfect stranger access to Mat Honan's iCloud account without verifying his identity.

As we become more connected and more reliant on the web, top-notch security becomes more and more important. While some services like Gmail offer two-step verification to ensure only you can access your account, not every service offers security that's as airtight. This past weekend, Wired's Mat Honan revealed that he had been hacked. Actually, the hackers themselves revealed that fact when they took control of Honan's Twitter account, but Honan later divulged just how bad the attack was.

Honan says someone accessed his iCloud account at 4:50pm on Friday afternoon. This person reset the password and then sent the password reset confirmation email to the trash bin. After that, the hacker switched his or her focus to Honan's email account. Honan said in a blog post on Friday that the backup email address on his Gmail account is the same .mac email address. So, at 4:52pm, the attacker sent a Gmail password recovery to the .mac account and successfully reset his Gmail password.

Now, most of us would already be freaking out at this point. The idea of a stranger having access to your personal email is a very scary one. However, the hacker wasn't finished with Honan. At 5pm, the attacker wiped his iPhone. One minute later, they did the same to his iPad. At 5:05pm, his MacBook Air was wiped clean. After that, they accessed his Twitter and, because his Twitter was once linked to the account of his former employer Gizmodo, the hackers took the @Gizmodo account, too.

The story of how the hacker breached one account and used that access to breach multiple other accounts is interesting enough as it is. However, how they got access to the first account (in this instance, iCloud) is even more interesting. Though Honan originally thought the person responsible had managed to brute-force his seven-digit alphanumeric password, he soon figured out that it wasn't as hard as that. In an update to his blog post, Mr. Honan said that he had confirmed with both the hacker and Apple that it wasn't password related. The hacker simply phoned Apple support, convinced the tech support worker that he was Honan and had them reset the password.

Speaking via Twitter, Honan revealed that the hacker didn't even have to answer any security questions. "They did not have to answer security questions. Bypassed both the password, and the questions," he told one follower, later adding, "To all asking exactly what info let hackers access my account, I want to give Apple a chance to respond first. Should be an easy fix."

Apple also hasn't commented publicly on the situation, but we don't expect Cupertino to stay quiet for long. This could have happened to anyone (though Honan's job as a tech blogger for a popular publication does make him an attractive target), and the fact that Apple let a stranger access a user's account with no authentication is very worrying. We'll keep you posted on this one.


Follow @JaneMcEntegart on Twitter.                     

 


  • silver565, 7 August 2012 05:06
    Someone at Apple is going to lose their job. Or perhaps... just disappear?
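  • Anonymous, 7 August 2012 16:24
    Can Britain still be called a great power? Does it still have the face to tell Chinese people that it hosted the 2012 Olympics?
    My impression of Britain has changed from now on: no ability, no fairness, no qualifications!!!
    Go, China's Olympic athletes! The Chinese people will always support you!!!
    Did those judges take the wrong medicine? Targeting China does not mean you are capable; rather, it means your country is cowardly.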