Apple end reporter's digital life with lousy security controls
Apple are in a spot of bother after a reporter for Wired lost his digital life thanks to the company not being vigilant enough when it comes to thwarting ne'er-do-wells. What has been happening is that their support staff have been changing users' passwords over the phone.
A hacker called Apple and, as a result, Wired's Mat Honan lost control of his Google, Gmail, and Twitter accounts as well as losing his Apple ID. He was locked out of his iPhone and saw his laptop wiped.
The tech giant has now suspended all password changes over the phone while they get things sorted. Good thing too, because it seems you can change a password pretty easily.
Honan said: "It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud."
"My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms - which can be cracked, reset, and socially engineered - no longer suffice in the era of cloud computing."
In a statement to Wired, Apple spokesman Natalie Kerris said: "Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected."