Apple Support Allowed Hacker Access to Reporter's iCloud Account
On Friday, Wired writer Mat Honan recounted the tale of how his iCloud account was hacked which resulted in his iPhone, iPad and MacBook Air getting remote wiped.
The point of entry appeared to be his iCloud account which was then used to gain access to Gmail and then his and former-employer Gizmodo's Twitter accounts.
At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere.
...
The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
At 5:00 PM, they remote wiped my iPhone
At 5:01 PM, they remote wiped my iPad
At 5:05, they remote wiped my MacBook Air.
A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well.
Honan wasn't entirely sure how the hackers had gotten access to his iCloud account. His guess was that they had somehow brute-force guessed the password, while others speculated his password had been keylogged or used in another insecure service.
As it turns out, the hacker was able to call Apple support and convince them they were the user. From an update to the original blog post:
I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.
After convincing Apple support that they were Mat Honan, the hacker had Apple Support change Honan's iCloud password which gave them full access. From there, they were able to perform the remote wipes on Honan's devices using Apple's Find My iPhone service which offers remote wipe as a security feature for lost devices.
As a somewhat public figure, Honan may have been an easier target than the average iCloud user, but many users may also have personal information publicly available on online services such as Facebook that could be used in a similar fashion. Forbes' Adrian Kingsley-Hughes suggests that Apple "needs to tighten up security and come clean about what went wrong here."
Popular Stories
If you've been following iPhone rumors over the last few years, you may remember reading reports that Apple flirted with the idea of introducing a super high-end "Ultra" model that would either replace its Pro Max device or sit above it in Apple's smartphone hirearchy. These reports appeared in the pre-launch iPhone 15 and iPhone 16 rumor cycles, but ultimately came to nothing. Now though, the...
The upcoming iOS 18.4 update for the iPhone includes a smaller but meaningful improvement for Apple's in-car iPhone mirroring system CarPlay.
Specifically, CarPlay now shows a third row of icons, up from two rows previously. However, this change is only visible in vehicles with a larger center display. For example, a MacRumors Forums member noticed the change in a Toyota Tundra with a...
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for.
Apart from their audio and noise-canceling performance, which are generally regarded as excellent for...
Apple today launched a new app called Surveyor, which is designed to allow users to collect data like images of street signs and roadside details to improve Apple Maps.
The app is not public facing and appears to be for use with companies that Apple partners with to assign mapping tasks. Downloading the app and opening it up directs users to "Open Partner App" to choose a task. Tapping on...
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the ultra-thin device.
Overall, the "iPhone 17 Air" sounds like a mixed bag. While the device is expected to have an impressively thin and light design, rumors indicate it will have some compromises compared to iPhone 17 Pro models, including only a single rear camera, a...
Apple is reassuring employees on the Siri team who may be feeling demotivated by the recent Siri delays and the bad press surrounding the company's decisions, reports Bloomberg.
In a Siri team meeting, Apple senior director Robby Walker acknowledged that employees might be feeling "angry, disappointed, burned out and embarrassed" following the Siri delay, but he praised the hard work of...
Apple made a major misstep with the way that it handled the delay of Apple Intelligence features for Siri, Apple analyst Ming-Chi Kuo said today. Announcing the delay through a press statement was a bad decision, and Apple should instead have gone through official channels.
Kuo referenced the well-known "Antennagate" PR crisis when the iPhone 4 launched in 2010, and the way that then Apple...
Apple is planning some of the "biggest iOS and macOS redesigns in its history," according to Bloomberg's Mark Gurman.
In his Power On newsletter today, Gurman reiterated that iOS 19 will have a visionOS-like design with more transparent interfaces:The new interfaces will adopt the design principles introduced in visionOS, the software for Apple's Vision Pro headset. That includes greater...
Apple is set to release iOS 18.4 in early April, bringing further refinements to Apple Intelligence features, a neat new capability to iPhone 15 Pro devices, new emoji, and more.
While not quite as packed with new features as Apple's preceding iOS 18 point releases, iOS 18.4 still introduces enhancements that aim to make your iPhone smarter and more intuitive. Below, we've listed 12 new...
