Apple tricked into giving hackers access to journalist’s iCloud account
Find My iPhone/iPad/Mac is a handy iCloud feature that can help you locate your lost or stolen Mac or iOS device on a map, display messages on its screen, and remotely wipe its data. But as Wired journalist Mat Honan recently found out, if your iCloud login details end up in the wrong hands, the results can be disastrous.
On his personal blog Emptyage, Honan explains that having somehow gained access to his iCloud account, hackers were able to wipe his iPhone, iPad, and MacBook Air – which included over a year’s worth of photos, emails, documents, and more.
In addition, because Honan’s .mac address was also the backup address for his Gmail, the hackers were able to reset his Google Account, and take over both his personal Twitter account, and the linked Twitter account of his previous employee Gizmodo.
So how did the hackers manage to get hold of Honan’s iCloud details? Initially he thought his 7 digit password might have been brute-forced – a method which involves a program cycling through every possible combination of characters until the correct sequence is discovered.
However, having spoken to one of the perpetrators, it transpired that a member of Apple’s tech support had given the hackers access after they pretended to be him, and used “social engineering” methods to trick their way past security questions. This was also confirmed to be the case by AppleCare.
While Honan’s public profile as a journalist may have made helped the hackers to spoof his identity, the fact that Apple’s security checks were breached so easily is clearly a major cause for concern.
His experience also highlights the danger of linking multiple online services together, and the importance of backing up data on a regular basis.