Sunday, August 5, 2012

Apple Tech Support Gave Attackers Access to Journalist's iCloud

from securitywatch.pcmag.com

Last week, attackers socially engineered Apple tech support to hack into a Wired writer's iCloud account, wiping out the journalist's iPhone, iPad, and MacBook Air, as well as compromising his Gmail and Twitter accounts.

Mat Honan recounted the gory tale in a blog post:

"At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere."

"The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed."

"At 5:00 PM, they remote wiped my iPhone

At 5:01 PM, they remote wiped my iPad

At 5:05, they remote wiped my MacBook Air."

Furthermore, since Honan's Twitter account was linked to Gizmodo's, from when he used to write for them, the attackers briefly tweeted racist, belligerent slurs from that account on Friday.

The attackers, a group called VV3, also disabled Honan's Sprint service and changed all the corresponding information on his Apple account (dumping it onto Pastebin), which prevented Honan from verifying his account over the phone with Apple and stopping the wiping process.

Unfortunately for Honan, it sounds like he hadn't backed up his MacBook with Time Machine, but I'm willing to bet a lot of money that he (AND HOPEFULLY YOU) will never make that same mistake again.

It's important to note that this account pwnage, like many, was completely unrelated to the strength of Honan's passwords. Plus, he used 1Password to manage all his passwords.

So the key question now is how the attackers convinced Apple tech support to reset Honan's iCloud password. It's unclear from Honan's post; it sounds like the hackers didn't even need to know Honan's mother's maiden name. "They got in via Apple tech support and some clever social engineering that let them bypass security questions," Honan wrote.

Apple, can you comment?
