Free Republic

How Apple let a hacker remotely wipe an iPhone, iPad, MacBook
Gizmondo | August 5, 2012 | Emil Protalinski

Posted on 08/06/2012 5:54:06 PM PDT by for-q-clinton

On Friday, I wrote about how Gizmodo's Twitter account was hacked. It turns out that this was Apple's fault.

Let's take a step back. Over the weekend, it quickly became clear that the bigger story was how the whole thing started. First, former Gizmodo employee Mat Honan's iCloud account was hacked. The hacker then remotely wiped his iPhone, iPad, and MacBook Air, got into his Gmail account, his Twitter account, and finally Gizmodo's Twitter account.

When this came to light, I updated my article with a link to Honan's blog: Emptyage. Once Honan regained access to his iCloud account, he was able to retrace the hacker's steps through password reset emails. With this new Apple tidbit, however, it's worth looking at what Honan found: . . . The fact a hacker was able to access Honan's iCloud account with the help of AppleCare support is very worrying. Remember: the hacker then proceeded to destroy Honan's whole digital life. That's something iCloud users need to be very wary of, and something Apple should address, but knowing Cupertino, it probably won't even comment.

As a journalist, I need to point out Honan currently works for Wired. It's not clear if he was targeted for this reason, but it is clear that his work was affected by this attack. On the flipside, his connections allowed him to get the issue resolved relatively quickly. How long would it have taken for the average Apple user?

(Excerpt) Read more at zdnet.com ...


Wow...I wonder how the apple defense force will spin this one?
1 posted on 08/06/2012 5:54:11 PM PDT by for-q-clinton

To: Swordmaker; ShadowAce

Pings please.


2 posted on 08/06/2012 5:54:55 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton
Wow...I wonder how the apple defense force will spin this one?

From history......."Windows is bad, and full of bugs"

3 posted on 08/06/2012 6:01:12 PM PDT by Balding_Eagle (Liberals, at their core, are aggressive & dangerous to everyone around them,)

To: for-q-clinton

If Apple will let someone mangle your devices, chances are your stuff in the cloud can be mangled :).


4 posted on 08/06/2012 6:14:53 PM PDT by Hardraade (http://junipersec.wordpress.com (Obama Kills))

To: for-q-clinton

When all of your stuff is stored off in some cloud, away from your direct control, how could this possibly NOT happen?


5 posted on 08/06/2012 6:34:21 PM PDT by norwaypinesavage (Galileo: In science, the authority of a thousand is not worth the humble reasoning of one individual)

To: norwaypinesavage
There are two lessons here.
Apple can no longer enable children of all ages whose favorite mindless babble is "get an Apple."

And second, it validates my skepticism of the entire "cloud" concept. This generation of immature geniuses probably aren't aware that in the late 50s, the few mainframes in existence WERE the "clouds" of the day.
And the "experts" unanimously declared, "why would the world need more than a half dozen mainframes?"
We know how that turned out.

No reason whatsoever that the rational individual user today, as opposed to large complex companies, would voluntarily turn over all her critical files and personal data to the current equivalent of a "mainframe."

I certainly won't. How many times does this concept need to be shot down?

6 posted on 08/06/2012 6:57:38 PM PDT by publius911 (Formerly Publius 6961, formerly jennsdad)

To: for-q-clinton
Barbra Streisand!

The "victim" had a weak password.

7 posted on 08/06/2012 7:03:40 PM PDT by Revolting cat! (Bad things are wrong!)

To: for-q-clinton

The Woz has already spoken on this matter

http://www.i4u.com/2012/08/steve-wozniak/icloud-woz-foresees-horrendous-apple-s-problems


8 posted on 08/06/2012 7:08:08 PM PDT by AmonAmarth (Wherever you go...There you are)

To: for-q-clinton
The scariest part of this story to me is how easy this was to pull off. According to Honan and confirmed by Apple, the hacker got access to Honan's accounts by doing some "social engineering" on Apple's tech support staff. They gave the hacker the access he needed.

Another article on this incident: Casey Berwick Blog

9 posted on 08/06/2012 7:08:41 PM PDT by Bob

To: Revolting cat!
The "victim" had a weak password.

Actually he didn't, but that didn't matter. From the article I posted:

And the scariest part is that he had a strong, seven-digit alphanumeric password. Apple has confirmed to Honan that its own tech support staff provided the hacker entry into his online world via a bit of clever social engineering.

10 posted on 08/06/2012 7:15:24 PM PDT by Bob

To: for-q-clinton
Get a Mac!
Ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha!

Better yet, get one of everything Apple makes!

*Snortle*

Ha ha ha ha ha ha ha ha ha ha!

Get a Mac!

11 posted on 08/06/2012 7:20:35 PM PDT by publius911 (Formerly Publius 6961, formerly jennsdad)

To: Bob

Ooops, my bad.


12 posted on 08/06/2012 7:23:17 PM PDT by Revolting cat! (Bad things are wrong!)

To: publius911

Cloud security is trickier than noncloud.


13 posted on 08/06/2012 7:36:14 PM PDT by HiTech RedNeck (let me ABOs run loose, lew (or is that lou?))

To: publius911

aww, get a linux.


14 posted on 08/06/2012 7:37:24 PM PDT by HiTech RedNeck (let me ABOs run loose, lew (or is that lou?))

To: publius911

No, more like “get in touch with a dunce from tech support.” But you already knew that and decided to make your post about something that is basically unrelated.


15 posted on 08/06/2012 7:39:27 PM PDT by SengirV

To: publius911

I don’t like the idea of putting all my stuff out there for someone else to store, or look through.

iCloud should have been named iNightmare from my perspective.

I don’t trust the concept at all.


16 posted on 08/06/2012 7:43:48 PM PDT by DoughtyOne (Nope 2012)

To: for-q-clinton; All
What they say is a LIE. There was no "hacking" involved.

The alleged "hacker" supposedly used social engineering, a con game, to convince AppleCare he was this "journalist."

Since this "journalist" has ties to ethics-challenged Gawker Media, who infamously purchased the stolen iPhone 4 prototype, I wonder how much of what he claims is truth and how much is fantasy.

It's amazing how willing people are to believe a story about a subject, Apple in this case, they have a grudge against.

17 posted on 08/06/2012 8:52:14 PM PDT by newzjunkey

To: for-q-clinton
Wow...I wonder how the apple defense force will spin this one

The facts: A worker bee at the Apple helpdesk didn't follow policy. I'd hate to work there around now. Interestingly, the personal information that Apple asked for, last four of credit card and billing address, was acquired through a loophole over at Amazon customer support. I don't see you bitching about Amazon.

18 posted on 08/06/2012 10:20:55 PM PDT by antiRepublicrat

To: for-q-clinton; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; ...
A security breakdown in multiple entities allowed a hacker to get through and wipe the data from a reporter's iPhone, iPad, and MacBook Air, after Apple gave them access to his iCloud Account—PING!

Apple only required his email, home address, and the last four digits of his credit card associated with his iCloud account to allow the hacker access to his account... allowing them full access to remote wipe his devices. This is unacceptable. However, the reporter/owner takes full responsibility for linking his Google accounts and Twitter accounts with simple information that led the hackers to his Apple devices. Apple's employee, however, is culpable in letting the hacker through to the account when he could not answer the security questions. What are security questions FOR, if not security?


Apple Security Ping!

Please, No Flame Wars!
Discuss technical issues, software, and hardware.
Don't attack people!
Don't respond to the Anti-Apple Thread Trolls!
PLEASE IGNORE THEM!!!

If you want on or off the Mac Ping List, Freepmail me.

19 posted on 08/07/2012 10:39:17 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: for-q-clinton

No spin, but you are ignoring that before the hacker got full access to the target’s Apple iCloud account, he also achieved full access to his Amazon account, Google Gmail Account and twitter account... He could have purchased a lot of merchandise with the Amazon access that was granted him. The problem is not just Apple’s issue.

The only way he got access to the Apple iCloud account was the successful compromising of the Amazon account as the result of guessing the user’s other Google Gmail accounts from and then CALLING Amazon and telling them he could not access his (the target’s) Amazon account to add a new credit card with his password... and THEY, with minimal information gleaned from other internet searches, gave him a temporary password! He used THAT temporary password to change the Amazon account password which gave him full access to the target’s Amazon account, which gave him a list of the last four numbers of his credit cards associated with his Amazon accounts. He then called Apple armed with this data... and Apple obligingly ignored their own protocols about security questions, and also gave the hacker access. These were ALL PEOPLE MISTAKES! Social Engineering!

Ironically, when trying to correct all this later, Apple would NOT let the victim into his account because HE could not answer the security questions when the Apple people misheard his last name and were asking him the wrong security questions from someone else’s account!

Many companies are going to have to look at their security arrangement with what was revealed with this story.


20 posted on 08/07/2012 10:51:54 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: for-q-clinton

Last week I was talking to a young lad and asked “let me see your paper for a minute” and he said “Wake up Old Man! Newspapers are no longer hip, here, try my I-Pad”.

Poor fly never knew what hit him.

Guess my aim is good as ever.


21 posted on 08/07/2012 11:05:51 AM PDT by xrmusn (6/98 "It is virtually impossible to clean the pond as long as the pigs are still crapping in it")

To: for-q-clinton

Pretty scary. Read about it and some social engineering came into the picture.


22 posted on 08/07/2012 1:03:13 PM PDT by CORedneck

To: Swordmaker
He then called Apple armed with this data... and Apple obligingly ignored their own protocols about security questions, and also gave the hacker access.

And the Apple Community forums are filled with gripes and complaints about how Apple wouldn't get them into their accounts without security questions... basically deriding Apple for following protocol and insisting on answers.

I am in no way condoning the negligent Apple employee (who may very well be a "former" Apple employee now). But they are darned if they do, darned if they don't. Personally - if it comes down to me not being able to access an account or Apple (or Amazon or....) making it so easy to get in that it could be hacked with ease.... I choose to make it difficult and give me an alternative way to get back in (send in my computer/iPhone, or go in person to the Apple Store with ID...)

23 posted on 08/07/2012 1:37:31 PM PDT by TheBattman (Isn't the lesser evil... still evil?)

To: CORedneck
Pretty scary. Read about it and some social engineering came into the picture.

You remember that Kevin Mitnick kid who was supposed to be the world's greatest hacker? A lot of what he was doing was social engineering or derived from social engineering. If he hadn't been a smooth talker nobody would know who he is, because he would never have gotten as far as he did.
24 posted on 08/07/2012 3:12:01 PM PDT by af_vet_rr

I see the donate button right now has Reagan on it.

He wouldn’t make it here these days, he would be zotted.

After all he actually believed that half a loaf was better than none. So certainly not pure enough nor conservative enough.


25 posted on 08/07/2012 7:52:55 PM PDT by Not gonna take it anymore (If Obama were twice as smart as he is, he would be a wit)

To: DoughtyOne
iCloud should have been named iNightmare from my perspective.

But it just works so well. I got an email on the Mac from a new business contact. I hovered over the signature block, and Mail offered to make a contact out of it. I did so, and dude was in my contacts (it parsed everything perfectly). Both the computer and my iPhone are hooked to iCloud, so later when I went to call him, the full contact was already there. I could also have the most seamless bookmark syncing out there, but I still use Firefox.

The cloud has also saved me money. I use iTunes match to get songs on my iPhone synced with my computer. So now my 16 GB iPhone has access to my 40+ GB of music (the service even upgraded most of my music to 256 kb). Why buy a 64 GB phone? I burn a new CD or download a new song, and there it is, available on the iPhone.

OTOH, none of this is worth anything to anybody, or more personal than the basic contact list. The most valuable thing is one credit card number, for an account with very limited credit. Now when you start storing very sensitive personal data, or mission-critical enterprise data, then I definitely have problems with the clouds as they are today.

26 posted on 08/09/2012 12:55:52 AM PDT by antiRepublicrat

To: antiRepublicrat

That sounds good, and I’m sure some folks are making great use out of it.

One of the things that had me second guessing it, was the fee. You were talking 40 gigs of songs. What’s the rate on storing that on the iCloud?

Doesn’t Apple only give you five gigs or so gratis?

I just wasn’t looking for another monthly charge in addition to everything else I’m dinged per month.

Between our cable service and our telephone services, we’re paying out the kazoo each month. All I need is another $20 added on to that.


27 posted on 08/09/2012 2:10:43 AM PDT by DoughtyOne (Nope 2012)