How Apple's and Amazon's Security Flaws led to a Gizmodo Reporter being hacked


Wired Magazine has posted a very interesting, if also scary, article detailing how hackers gained access to a Gizmodo reporter’s entire digital life through flaws in Apple’s and Amazon’s security. Mat Honan, a Gizmodo Senior Reporter, suffered horribly when he lost access to his Twitter and Google accounts and all the data on his iPhone, iPad and MacBook.

By exploiting the customer service procedures employed by Apple and Amazon, hackers were able to get into iCloud and take over all of Mat Honan’s digital devices — and data. Photo: Ariel Zambelich/Wired

In short:

  1. To retrieve someone’s Apple ID, all you need is the associated e-mail address, the last 4 digits of the person’s credit card number and a billing address, information that may be easily obtained. This works even when you fail the security questions that you set.
  2. You can also gain access to someone’s Amazon account by calling customer support and providing the name, billing address and e-mail. You then add a new credit card to the account, and then make a second call to say that you’ve lost your password, providing the new credit card number you gave them. Add a new e-mail address to the account and suddenly you can reset your account without knowing the password.
  3. Because of the insecurity of the Apple ID, Find My Mac becomes very dangerous, as it can then be used to wipe your computer. No additional authentication is required to wipe besides your Apple ID.
  4. Choose a recovery e-mail for password resets that is NOT associated with important services, or else the breach of one account may lead to password resets and breaches of other accounts.
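
Point 4 can be checked against your own account list. The script below is an added example, not taken from the Wired article or from this post; the account names and recovery links are constructed placeholders. It follows each account's recovery mailbox and reports how many other accounts become resettable if that one account is breached.

```python
from collections import deque

# Constructed inventory: account -> mailbox that receives its password resets.
# None means resets do not depend on another account in this list.
RECOVERY = {
    "primary-mail": "cloud-mail",
    "cloud-mail": None,
    "social": "primary-mail",
    "shopping": "primary-mail",
    "bank": "recovery-only-mail",
    "recovery-only-mail": None,
}

def blast_radius(recovery, breached):
    """Accounts resettable, directly or transitively, once `breached` is lost."""
    # Invert the map: mailbox -> accounts whose resets land in it.
    dependents = {}
    for account, mailbox in recovery.items():
        if mailbox is not None:
            dependents.setdefault(mailbox, []).append(account)
    seen, queue = set(), deque([breached])
    while queue:
        current = queue.popleft()
        for account in dependents.get(current, []):
            # Skip revisits so circular recovery settings terminate.
            if account not in seen and account != breached:
                seen.add(account)
                queue.append(account)
    return seen

def audit(recovery):
    """Rank accounts by how many others fall with them, largest exposure first."""
    ranked = [(acct, sorted(blast_radius(recovery, acct))) for acct in recovery]
    return sorted(ranked, key=lambda item: (-len(item[1]), item[0]))

if __name__ == "__main__":
    for account, exposed in audit(RECOVERY):
        print(f"{account}: {len(exposed)} exposed -> {exposed}")
```

In the constructed data, the mailbox used only for recovery exposes a single account, while the mailbox at the top of the main chain exposes three.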

You may read Mat’s harrowing tale in full here on Wired. As at the time of posting, this vulnerability has NOT been fixed by Apple despite them knowing about it. See Gizmodo’s post on this issue as well.
