How a Hacker Gained Access to a Reporter's iCloud Account
Wired reporter Mat Honan details the exact process by which hackers had gained control of his iCloud account. The hijacked iCloud account resulted in a remote-wipe of his iPhone, iPad and MacBook Air, as well as further intrusions into his Gmail and Twitter accounts.
As previously reported, the hackers were able to convince Apple Support to provide them with a temporary password to access Honan's account. Honan details exactly how this was performed.
Apparently, Apple Support only requires an iCloud user's billing address and last-four digits of the credit card on file in order to issue a temporary password. That temporary password grants full access to the user's iCloud account. Apple spokesperson Natalie Kerris issued this statement which claims that internal policies were not followed completely in Honan's case, but failed to specify exactly how:
“Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”
Wired was able to confirm the reported policy themselves by successfully gaining access to another account using only those two pieces of information: a billing address and last-four digits of the credit card number.
As noted by Honan, a target's billing address is generally easy to determine by looking up a domain registration or by public white pages databases. As for discovering the last-four digits of Honan's credit card, Honan's hacker used a loophole in Amazon's security systems which don't protect the last-four digits of their user's credit card information. The hack requires a two-step phone call to Amazon. In the first call, Amazon allows you to add a second credit card to the account by simply offering the account's billing address, name and email address. Then, a second call allows you to add a second email address by verifying the previously added credit card. This second email address then has access to the account information including the last four digits of the original credit card.
Honan's intrusion seemed to be a result of a targeted effort to infiltrate his Twitter account, and a number of items had to line up just right for the hackers to gain access. The situation does reveal that the differing security processes between different providers could open up unwanted opportunities. It also seems to show that at present, a specific user's iCloud account access can be gained with those two pieces of only semi-private information.
Honan's full story about the sequence of events is an interesting read.
Popular Stories
iOS 19 is still around three months away from being unveiled, but there are plenty of rumors about the upcoming update.
Below, we recap iOS 19 rumors so far.
Redesigned Camera App
A leak earlier this year allegedly revealed a redesigned Camera app coming with iOS 19.
On his YouTube channel Front Page Tech in January, Jon Prosser shared a video showing what the new Camera app will...
In a recent press release, Apple confirmed that iOS 18.4 will be released in April.
From the Apple News+ Food announcement:Coming with iOS 18.4 and iPadOS 18.4 in April, Apple News+ subscribers will have access to Apple News+ Food, a new section that will feature tens of thousands of recipes — as well as stories about restaurants, healthy eating, kitchen essentials, and more — from the...
Apple is expected to embrace a new camera system design for some models in its upcoming iPhone 17 series, and the latest purported CAD images don't deviate from what we have been hearing lately about Apple's new lineup. If you do not like the sound of an iPhone with a Google Pixel-style camera bar, look away now.
Seasoned leaker Sonny Dickson shared the following images in a post on X...
iOS 18.4 was supposed to bring new Apple Intelligence Siri features, but Apple ended up needing to pull those capabilities from the update to continue testing. There are fewer new Apple Intelligence additions now, but there are still some new features that will make the update worth installing when it comes out in April.
Priority Notifications
Apple introduced Priority Notifications back at ...
Apple has offered a reason why the iPhone 16e doesn't include MagSafe, one of the more notable omissions from its latest entry-level smartphone.
According to Apple representatives who spoke to Daring Fireball's John Gruber, MagSafe is not included in the iPhone 16e because "most people in the iPhone 16e's target audience exclusively charge their phones by plugging them into a charging...
With the iPhone 16e now in the hands of customers, Apple reportedly plans to move on to its next product announcement in the coming days.
Apple plans to announce new MacBook Air models with the M4 chip "as early as this week," according to Bloomberg's Mark Gurman.
"I expect the M4 MacBook Air to be introduced as early as this week," said Gurman, in a post shared on X today. "Inventory has ...
Throughout the 2000s and 2010s, Apple offered a line of Wi-Fi routers that it referred to as AirPort base stations. There was a standard AirPort Express, a higher-end AirPort Extreme with more advanced networking features, and an AirPort Time Capsule that doubled as an external storage drive for backing up a Mac with Time Machine.
Apple discontinued the AirPort line in 2018, but the company...
iPhone 16e reviews are now out, and Apple's custom-designed C1 modem has been put to the test. The results so far are quite surprising, as the C1's speeds are not as slow compared to Qualcomm modems as originally expected.
While the C1 does not support ultra-fast mmWave 5G in the U.S., it appears to offer comparable 5G performance to Qualcomm's Snapdragon X71 modem found in the iPhone 16,...
According to a post on X today from a leaker known as Kosutami, Apple plans to launch AirPods Pro 3 in May or June this year.
The leaker also claimed that an AirTag 2 will launch around the same time.
Kosutami is best known as a collector of prototype Apple hardware, but they have occasionally shared accurate information about Apple's future product plans. For example, they accurately...
