Daily Archives: August 6, 2012
Apple’s Security Questioned.

Tech Blogger Mat Honan had his iCloud account hacked last Friday. Linked to that account were his iPad, iPhone, and computer, along with Gizmodo’s Twitter feed, which were all compromised in this attack. Funny thing is, Apple’s Tech Support were partially responsible.
Honan posted on his blog his own recollection of what was happening on his end during the attack. He says that his phone randomly went dead, then rebooted to the setup screen. He just assumed that it was a software glitch. Nothing more than a nuisance to him. When he tried to log into his iCloud account, his password was rejected. From there, he attempted to reboot from his MacBook, only to find that the iCal information for his Gmail account was incorrect. His screen then went grey, and it asked for his four-digit PIN.
He didn’t have a four-digit PIN.
“By now, I knew something was very, very wrong. I walked to the hallway to grab my iPad from my work bag. It had been reset too. I couldn’t turn on my computer, my iPad, or iPhone.”
His MacBook was completely wiped.
The full account can be found on his blog.
As he looked for solutions to his problem, the hacker made contact with him. Later, Mat found out how it all happened:
“I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.”
It seems like you can simply sweet-talk your way into someone’s account. Awesome. I mean, for this to actually happen, you probably need to be someone recognised in a larger society. I don’t really think this is a random attack on a random person. But it’s still not very reassuring to know that, regardless of security questions, this sort of thing can happen.
Apple are supposedly looking into their policy now, and making the necessary alterations to protect their users more thoroughly. To be fair, though, there wasn’t really much for them to do in this situation – if the hacker had actually been telling the truth, and the account was genuinely his, they were obliged to help however they could.
It really makes you think, though, how many times this has actually happened to people. I, for one, hardly forget my passwords, and if I do, then my security question is usually enough to give it back to me. You would think that, in this situation, they would have seen that Mat Honan had been using his same password for years, so there wasn’t really any reason for him to randomly forget it, all of a sudden. But I guess different people have different circumstances.
Moral of the story: don’t become well-known enough to have people want to hijack you. Social protocol will usually overrule any other security measures when it comes to tech support for any product.
How safe do you feel, being in New Zealand? I’m not entirely bothered by this thought. I feel like, because we’re a smaller country, that this couldn’t really happen to anyone here. Call it ignorance, call it arrogance – I’m just saying that I have bigger things to worry about.…







