Apple tech support 'socially engineered' in hack of journalist's iCloud account

Posted:
in General Discussion edited January 2014
Tech reporter Mat Honan's iCloud account was compromised on Friday, wreaking havoc on both his personal machines and Gizmodo's Twitter feed, and it was discovered on Sunday that Apple tech support was partly to blame for the breach.

The hack was first thought to be a simple brute-force attack on Honan's seven-digit alphanumeric iCloud password, which he has used for "years and years." In the process of reconfiguring accounts, however, it was confirmed that the issue wasn't a password, but the "social engineering" of an Apple tech support employee.

As Honan recounted on his blog, he first realized something was amiss when his iPhone rebooted to the default setup screen. He couldn't log in to iCloud to restore the handset's previous settings from the device itself, so he connected the iPhone to his MacBook Air, which displayed an iCal error message before its screen went gray and asked for a four-digit PIN.

"I didn't have a four digit pin," Honan wrote. "By now, I knew something was very, very wrong. I walked to the hallway to grab my iPad from my work bag. It had been reset too. I couldn't turn on my computer, my iPad, or iPhone."


Things got progressively worse from there: Honan's Google account was deleted, and the only way to restore it would be via text message to the iPhone he no longer had access to. The tech writer's Twitter feed, along with that of his previous employer Gizmodo, was also compromised. Perhaps most troubling was that his MacBook Air was being remotely wiped, along with his iPad and iPhone, using Apple's Find My Device feature. The wipe may be recoverable, however, as Honan stopped the process by powering the MacBook Air down before an overwrite began.

Find my iPhone on iOS 5.


Honan noted in a blog update that a person claiming to be the hacker made contact and told him "[I] didn't ur password or use bruteforce. i have my own guide on how to secure emails."

From Honan's blog:
I know how it was done now. Confirmed with both the hacker and Apple. It wasn't password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I'm back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.
In the last update to Honan's saga, AppleCare was able to confirm the hacker's claims of bypassing iCloud's password protection by going through an employee. A more detailed account of how this was done will be made public in a Wired report on Monday.

Honan reached out to Apple Corporate as well as the company's PR team, though no response has been given at the time of this writing.

Comments

  • Reply 1 of 121
    muppetry Posts: 3,331 member
    Now that should not be possible. If it's true then I'll bet Apple are scrambling to roll out some new training.
  • Reply 2 of 121
    A brave new world, this "cloud." Makes me long for the days when I owned my own data. Oh wait, I still do (pats Snow Leopard on the head).
  • Reply 3 of 121
    sabuga Posts: 45 member

    Just wondering, if you set really easy questions for the "confirm it's you" bit, then Google searches may have the answers. (E.g. if you haven't got a private Facebook account, quite a lot of info will be publicly available, therefore making it very easy for a clever person to bluff their way through proving that they're "you"!)

    Having said that, I have backups of important data that is stored in iCloud (Contacts, photos etc), since if iCloud dies, or goes offline, I don't want to lose it all.

    I work in IT, and I keep having to tell users that you can never have too many backups!

  • Reply 4 of 121
    wizard69 Posts: 13,377 member
    iCloud as a service is extremely flawed. If nothing else the service should have a way to back up to an owner's Mac OS machine. Further saving a copy of an iCloud file locally shouldn't be so damn difficult. iCloud is like 80% of the way there but Apple certainly missed important use cases and seems to have forgotten about user control.
  • Reply 5 of 121
    enzos Posts: 344 member

    I smell a rat.

  • Reply 6 of 121


    I sure hope that AI is not going to make this a major story. Yes, a tech support guy (or gal) screwed up. Yes, Apple is going to tighten the process. But AI is going to blow this way out of proportion. AI give it a rest......

  • Reply 7 of 121
    muppetry Posts: 3,331 member
    I sure hope that AI is not going to make this a major story. Yes, a tech support guy (or gal) screwed up. Yes, Apple is going to tighten the process. But AI is going to blow this way out of proportion. AI give it a rest......

    Well to be fair - if it is true then it is a real issue, since it implies that the controls against it happening are administrative, rather than engineered. That said, I'm sure Apple will fix it, and quickly.
  • Reply 8 of 121
    nagromme Posts: 2,834 member

    Quote:

    Originally Posted by wizard69 View Post

    iCloud as a service is extremely flawed. If nothing else the service should have a way to back up to an owner's Mac OS machine. Further saving a copy of an iCloud file locally shouldn't be so damn difficult. iCloud is like 80% of the way there but Apple certainly missed important use cases and seems to have forgotten about user control.

    Supposedly you just drag the file from the iCloud view wherever you want, and you have a local copy. I’m not rushing into Mountain Lion so I can’t say.

    I’m approaching all cloud-based services from DropBox to iCloud cautiously and slowly. Using them strategically to solve problems (like keeping my calendars in sync) but not jumping in with both feet. This event, like that DropBox password incident, reinforces my plan! I still like DropBox and iCloud as far as I use them, but my trust for them will be growing veeeeryyyy slooowlllyyy.

    And I’ll always have multiple backups of my own! If anyone somehow attacks me, I’ll be back up and running in a matter of hours with no loss. (I even do my backups in multiple different ways and store them in different places, but I know most won’t go THAT far. For most, the “cloud” is potentially a great thing in case of fire!)

    In any case, I hope the attacker does some SERIOUS JAIL TIME. That’s like breaking into an artist’s house and burning his paintings, his art supplies, his family photos, and his address book. Apple’s rep needs to be looking for a new job (and Apple needs policies to make such failures impossible), but the attacker needs to be looking for a cellmate.

  • Reply 9 of 121
    mcarling Posts: 1,106 member

    This story has an extremely misleading introduction.  Apple are not "partly" to blame.  Apple are entirely to blame.

    When the hacker was unable to answer the security questions, the tech support employee should have put the hacker on hold, phoned Mat Honan's iPhone, and asked if he had just phoned Apple tech support to change his iCloud password.

  • Reply 10 of 121
    quadra 610 Posts: 6,756 member

    Payback.    ;)

    image

  • Reply 11 of 121


    The only way Apple does resolve anything is if a big deal is made.

     

  • Reply 12 of 121
    muppetry Posts: 3,331 member
    The only way Apple does resolve anything is if a big deal is made.

     

    I doubt that would be the case this time.
  • Reply 13 of 121

    Quote:

    Originally Posted by Ed Steinberg View Post

    I sure hope that AI is not going to make this a major story. Yes, a tech support guy (or gal) screwed up. Yes, Apple is going to tighten the process. But AI is going to blow this way out of proportion. AI give it a rest......

    Isn't this precisely the type of story that should be on this site? A whole lot more relevant to Apple customers than what Microsoft Surface is about?

  • Reply 14 of 121


    Jizzmodo?

    The same bottom feeding scum, short attention span whores; Jizzmodo?

    Really?

    There must be a lot more to this. A whole lot.

    I think if it was this easy, why not someone else? Why not a whole lot of other accounts?

    It just happened to be the one Jizzmodo?

  • Reply 15 of 121
    wurm5150 Posts: 763 member
    That Apple tech support rep is about to be fired.. If not, should be.
  • Reply 16 of 121
    dasanman69 Posts: 13,001 member
    The only way Apple does resolve anything is if a big deal is made.

     

    How can they? There's no software to stop social engineering.
  • Reply 17 of 121
    muppetry Posts: 3,331 member
    dasanman69 wrote: »
    The only way Apple does resolve anything is if a big deal is made.

     

    How can they? There's no software to stop social engineering.

    But you can make it almost impossible.
  • Reply 18 of 121
    djsherly Posts: 1,031 member

    Quote:

    Originally Posted by Quadra 610 View Post

    Payback.    ;)

    image

    Because some other dude got his e-life wiped?

  • Reply 19 of 121
    quadra 610 Posts: 6,756 member

    Quote:

    Originally Posted by djsherly View Post

    Because some other dude got his e-life wiped?

    Gizmodo.

  • Reply 20 of 121
    adonissmu Posts: 1,774 member

    I only put stuff on the cloud I can get back easily or that I don't need. I do manual cloud syncs only.
