Apple Support Allowed Hacker Access to Reporter's iCloud Account
On Friday, Wired writer Mat Honan recounted the tale of how his iCloud account was hacked which resulted in his iPhone, iPad and MacBook Air getting remote wiped.
The point of entry appeared to be his iCloud account which was then used to gain access to Gmail and then his and former-employer Gizmodo's Twitter accounts.
At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere.
...
The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
At 5:00 PM, they remote wiped my iPhone
At 5:01 PM, they remote wiped my iPad
At 5:05, they remote wiped my MacBook Air.
A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well.
Honan wasn't entirely sure how the hackers had gotten access to his iCloud account. His guess was that they had somehow brute-force guessed the password, while others speculated his password had been keylogged or used in another insecure service.
As it turns out, the hacker was able to call Apple support and convince them they were the user. From an update to the original blog post:
I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.
After convincing Apple support that they were Mat Honan, the hacker had Apple Support change Honan's iCloud password which gave them full access. From there, they were able to perform the remote wipes on Honan's devices using Apple's Find My iPhone service which offers remote wipe as a security feature for lost devices.
As a somewhat public figure, Honan may have been an easier target than the average iCloud user, but many users may also have personal information publicly available on online services such as Facebook that could be used in a similar fashion. Forbes' Adrian Kingsley-Hughes suggests that Apple "needs to tighten up security and come clean about what went wrong here."
Popular Stories
Apple released iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. Apple has added a handful of new non-AI related feature controls as...
Wednesday December 18, 2024 11:39 am PST by
Juli CloverApple is no longer planning to launch a hardware subscription service that would let customers "subscribe" to get a new iPhone each year, reports Bloomberg's Mark Gurman.
Gurman first shared rumors about Apple's work on a hardware subscription service back in 2022, and at the time, he said that Apple wanted to develop a simple system that would allow customers to pay a monthly fee to gain...
Contrary to recent reports, the iPhone 17 Pro will not feature a horizontal camera layout, according to the leaker known as "Instant Digital."
In a new post on Weibo, the leaker said that a source has confirmed that while the appearance of the back of the iPhone 17 Pro has indeed changed, the layout of the three cameras is "still triangular," rather than the "horizontal bar spread on the...
Wednesday December 18, 2024 10:05 am PST by
Juli CloverElevation Lab today announced the launch of TimeCapsule, an innovative and simple solution for increasing the battery life of Apple's AirTag.
Priced at $20, TimeCapsule is an AirTag enclosure that houses two AA batteries that offer 14x more battery capacity than the CR2032 battery that the AirTag runs on. It works by attaching the AirTag's upper housing to the built-in custom contact in the...
The current Apple TV 4K was released more than two years ago, so the streaming device is becoming due for a hardware upgrade soon. Fortunately, it was recently rumored that a new Apple TV will launch at some point next year.
Below, we recap rumors about the next-generation Apple TV.
Bloomberg's Mark Gurman last week reported that Apple has been working on its own combined Wi-Fi and...
Blackmagic today announced that its URSA Cine Immersive camera is now available for pre-order, with deliveries set to start late in the first quarter of 2025. Blackmagic says that this is the world's first commercial camera system designed to capture 3D content for the Vision Pro.
The URSA Cine Immersive camera was first introduced in June, but it has not been available for purchase until...
Apple launched the controversial "trashcan" Mac Pro eleven years ago today, introducing one of its most criticized designs that persisted through a period of widespread discontentment with the Mac lineup.
The redesign took the Mac Pro in an entirely new direction, spearheaded by a polished aluminum cylindrical design that became unofficially dubbed the "trashcan" in the Mac community. All of ...
Apple is planning a series of "major design" and "format changes" for iPhones over the next few years, according to The Wall Street Journal's Aaron Tilley and Yang Jie.
The paywalled report published today corroborated the widely-rumored "iPhone 17 Air" with an "ultrathin" design that is thinner than current iPhone models. The report did not mention a specific measurement, but previous...
