Apple Support Allowed Hacker Access to Reporter's iCloud Account
On Friday, Wired writer Mat Honan recounted the tale of how his iCloud account was hacked which resulted in his iPhone, iPad and MacBook Air getting remote wiped.
The point of entry appeared to be his iCloud account which was then used to gain access to Gmail and then his and former-employer Gizmodo's Twitter accounts.
At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere.
...
The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
At 5:00 PM, they remote wiped my iPhone
At 5:01 PM, they remote wiped my iPad
At 5:05, they remote wiped my MacBook Air.
A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well.
Honan wasn't entirely sure how the hackers had gotten access to his iCloud account. His guess was that they had somehow brute-force guessed the password, while others speculated his password had been keylogged or used in another insecure service.
As it turns out, the hacker was able to call Apple support and convince them they were the user. From an update to the original blog post:
I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.
After convincing Apple support that they were Mat Honan, the hacker had Apple Support change Honan's iCloud password which gave them full access. From there, they were able to perform the remote wipes on Honan's devices using Apple's Find My iPhone service which offers remote wipe as a security feature for lost devices.
As a somewhat public figure, Honan may have been an easier target than the average iCloud user, but many users may also have personal information publicly available on online services such as Facebook that could be used in a similar fashion. Forbes' Adrian Kingsley-Hughes suggests that Apple "needs to tighten up security and come clean about what went wrong here."
Popular Stories
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Best Buy is discounting a collection of M3 MacBook Pro computers today, this time focusing on the 14-inch version of the laptop. Every deal in this sale requires you to have a My Best Buy Plus or Total membership, although non-members can still get solid second-best prices on these MacBook Pro models. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a...
Top Rated Comments
I hope they're able to restore his information from his Macbook Air.
Edit @iCrizzo (right below me)
http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard
This is the user's blog. Apple, obviously, won't admit this ever happened in public.
I'll wait to for a response from Apple before taking this story seriously.
I smell a rat...
unfortunately, neither of these moves would have helped Honan.
arn