Mat Honan, a former Gizmodo writer now working for Wired, explains how hackers got into his iPhone, iBook, iPad, Twitter, Amazon and Gmail accounts using nothing more than social engineering combined with security flaws in how Apple's customer service identifies a user.
[...] what happened to me exposes vital security flaws in several customer service systems, most notably Apple's and Amazon's. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information -- a partial credit card number -- that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
This isn't just my problem. Since Friday, Aug. 3, when hackers broke into my accounts, I've heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.
Moreover, if your computers aren't already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google's entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms -- which can be cracked, reset, and socially engineered -- no longer suffice in the era of cloud computing.