
Hacker tricks AppleCare into exposing writer's iCloud login
MacNN Staff
Join Date: Jul 2012
Aug 6, 2012, 06:38 AM
 
A writer for Wired, Mat Honan, says he has confirmed with both Apple and the hacker that victimized him that his iCloud account was recently compromised by a "social engineering" trick with AppleCare. The hacker managed to get an AppleCare support staffer to skip security questions, and then reset Honan's password, giving the hacker complete access to anything tied to Honan's iCloud account or email address. This included not only personal and Gizmodo Twitter accounts, but also Honan's Gmail account, which was completely wiped out. Making matters even more severe, the hacker used Find My iPhone to perform remote wipes of Honan's Mac, iPhone, and iPad.

The writer says he is working with Apple and Google to recover lost data, and Apple in fact currently has his MacBook. He has also regained control of all the accounts he knows the hacker got access to, but adds he is still trying to determine what else the hacker might have cracked. The incident may raise serious questions about the security of AppleCare. It may also spawn worries about the increasingly close integration of iCloud into Apple products, since a breach in one area can potentially leave a person's digital life completely exposed, depending on how much they've entrusted Apple with.
     
Mac Enthusiast
Join Date: Dec 2007
Location: Twin Cities, MN
Aug 6, 2012, 07:26 AM
 
"The hacker managed to get an AppleCare support staffer to skip security questions..."


WTF?!?
     
Professional Poster
Join Date: Feb 2000
Location: Nashua NH, USA
Aug 6, 2012, 08:07 AM
 
It's called social engineering. Like standing on a street corner trading passwords for candy bars.
     
Mac Enthusiast
Join Date: Dec 2007
Location: Twin Cities, MN
Aug 6, 2012, 08:51 AM
 
If Apple isn't going to take iCloud seriously, then let them suffer the consequences of this negative press. What's the point of having "security questions" if the AppleCare rep doesn't follow policy?

I say this just two days after upgrading from 10.6.8 to Mountain Lion. iCloud is disabled on my Mac, as well as my iPad. My "cloud" consists of a collection of DVDs, USB sticks and SD cards in a safety deposit box in my bank. You know, where I actually have to show photo ID, provide my account number as well as my deposit box number to get in.
     
Fresh-Faced Recruit
Join Date: Nov 2003
Location: Denver
Aug 6, 2012, 09:32 AM
 
I agree...... WTF!
I always thought AppleCare was a warranty extension on your hardware.

When did it become a password reset option?
     
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Aug 6, 2012, 10:50 AM
 
There's nothing wrong with AppleCare.
The problem is with the Apple staffer that didn't follow proper procedure.
That person had better be chastised/fired.
They are the cause of the security breach.
There is nothing that can be made 100% secure as long as human beings are part of the equation.

This same story could be about Amazon, a financial institution or any other place that requires a login and password.
HyperNova Software, LLC
     
Banned
Join Date: Feb 2005
Aug 6, 2012, 01:22 PM
 
Originally Posted by Grendelmon:
If Apple isn't going to take iCloud seriously, then let them suffer the consequences of this negative press. What's the point of having "security questions" if the AppleCare rep doesn't follow policy?
I say this just two days after upgrading from 10.6.8 to Mountain Lion. iCloud is disabled on my Mac, as well as my iPad. My "cloud" consists of a collection of DVDs, USB sticks and SD cards in a safety deposit box in my bank. You know, where I actually have to show photo ID, provide my account number as well as my deposit box number to get in.
Totally agree with you on this, 110%
     
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Aug 6, 2012, 02:16 PM
 
Originally Posted by Grendelmon:
If Apple isn't going to take iCloud seriously, then let them suffer the consequences of this negative press. What's the point of having "security questions" if the AppleCare rep doesn't follow policy?
True.

The rep erred on the side of good will. Which he cannot, if he wants to do his job properly.
     
   
All times are GMT -4.
All contents of these forums © 1995-2014 MacNN. All rights reserved.