August 7th, 2012

How Apple’s Lax Security Allowed One Man’s Digital Life To Be Erased

Mat Honan writes for Wired about the pitfalls of having interconnected online accounts, and the ease with which 19-year-old hackers were able to erase his digital life (and take over Gizmodo’s Twitter) via security oversights in Amazon’s and Apple’s systems.

 At 5:02 p.m., they reset my Twitter password. At 5:00 they used iCloud’s “Find My” tool to remotely wipe my iPhone. At 5:01 they remotely wiped my iPad. At 5:05 they remotely wiped my MacBook. Around this same time, they deleted my Google account. At 5:10, I placed the call to AppleCare. At 5:12 the attackers posted a message to my account on Twitter taking credit for the hack….

On Monday, Wired tried to verify the hackers’ access technique by performing it on a different account. We were successful. This means, ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file. Here’s the story of how the hackers got them….

As of Monday, both of these exploits used by the hackers were still functioning. Wired was able to duplicate them. Apple says its internal tech support processes weren’t followed, and this is how my account was compromised. However, this contradicts what AppleCare told me twice that weekend. If that is, in fact, the case — that I was the victim of Apple not following its own internal processes — then the problem is widespread….

I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can’t put a price on. 

Read the full article here.
