How could it be? Apple gave hackers access to user’s iCloud account that made a very real weakness in Apple is security. Follow us after the jump to read the full story!
A Very Real Weakness In Apple Is Security
As most of you do in all over the world, updating your live to the world wide web, your home address, phone number, credit card numbers and more and more. All of that need a very high security to be save, and your strong password now isn’t enough with people like Apple clever social engineering whose helped the hackers by wrong.
And here we are with Mat Honan, his iCloud account has been hacked, hackers could gain access to his account, wiping his MacBook, iPhone and iPad. Friday night was the showtime if you are one of Mat Honan or Gizmodo on Twitter you would have seen the show.
From Mat Honan with iDB comments:
“At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years.
The backup email address on my Gmail account is the same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
At 5:00 PM, they remote wiped my iPhone. At 5:01 PM, they remote wiped my iPad. At 5:04, they remote wiped my MacBook Air.
A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well.”
And because he didn’t have any backups, Mat says he lost more than a year’s worth of photos, emails, and documents. Ouch. And apple said that none of this is recoverable without serious forensics.
So how did all of this happen? A brute force attack? A key logger? Nope, Apple essentially handed the hackers Mat’s iCloud password.
”Update three: I know how it was done now. Confirmed with both the hacker Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.”
Apparently, if someone can convince Apple that they are you, they can gain access to your iCloud account with very little effort. Granted, Mat Honan’s life is a little bit more public than most people’s (he’s also worked for Wired magazine). But this attack still highlights a very real weakness in Apple’s security.
Comments on this entry are closed.