Is your iCloud account secured by a good password? That’s not going to help you if Apple sidesteps your security and hands hackers access to your account.
Yesterday I posted Mat Honan’s tale of woe. Hackers got into his iCloud account and used that to remote wipe his iPhone, iPad and MacBook before going on to create more mayhem. At the time it was assumed that the hackers had used bruteforcing – trying passwords until they got lucky — but it turns out that Apple gave the hackers access to his iCloud account.
I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.
“Social engineering” is a fancy word for tricking the person on the other end to do what you want by making them believe that they are you.
Nothing can protect you from this kind of targeted attack. You ca have the best password possible, and awesome security questions, but if the hacker can convince the tech support person that they are you, they can walk past all that security.
Scary thought!
People can be tricked, but given the power that access to an iCloud gives someone — access to documents, photos, not to mention the ability to delete devices — I would expect Apple to have tighter controls over how people are allowed to bypass security questions. People do forget their passwords, and they do forget their security questions, but before allowing someone to bypass these safeguards Apple should err on the side of caution, perhaps making the person making the request jump through a number of hoops before giving them access to the account.
This high-profile hack of an iCloud account has highlighted that Apple has a weakness here, and the company needs to tighten up security and come clean about what went wrong here.
1 comments:
Apple has a huge security hole. For years it was said to not get viruses, as all viruses were written for the hugely popular Windows PC. Now however, Apple is having to relearn it's security. Obviously this extends beyond just the software. Microsoft's Security has gotten great and Apple's hasn't gotten anything. Other security issues have been shown in Apple's OS and other things (The recent hole for in app purchases and others).
This is something Apple needs to fix, maybe they aren't used to being a leader, but they won't keep it if they keep stumbling.
Post a Comment