August 10 2012

Up until Tuesday August 8, anyone with an Apple ID and an Amazon account faced a security hole so big that it allowed anybody with a telephone and a little common sense to get access to both accounts in under 15 minutes. It wasn’t until a journalist from Wired magazine had EVERYTHING on his iMac, iPhone, iCloud and Amazon account erased that this security flaw became publicly exposed.

With surprising ease, a complete stranger got control of Mat Honan’s Amazon account over the phone in under 15 minutes last Friday, Aug 3. Who cares if someone can get your Amazon account information? With this information they could get the last 4 digits of any credit cards you keep on file. Four digits don’t seem like much, but this is the exact same information Apple phone support needs to reset someone’s password! Within the next 30 minutes, Mat Honan had lost all information on his Apple devices, and his Gmail and Twitter accounts had been taken over.

Most importantly, he lost every photo of his daughter from his iMac. The hackers turned out to be juvenile in nature – Mat actually talks about his online chats with the hackers. They were immature kids who wanted nothing more than to take over his ‘cool’ Twitter account. If they had had some highly malicious intent, it is hard to tell how much further they could have gone into his friends’ and family’s accounts, as well as the contacts saved to iCloud. But in 30 minutes he had lost everything, mostly due to a security flaw so big it’s hard to imagine that millions of users are exposed to the same thing.

By Thursday afternoon, August 9, both Amazon and Apple had stopped resetting passwords over the phone as a stopgap measure to protect others from experiencing the same thing. However, this is only a little bit better than a temporary band-aid. Who knows how many other clever ways someone can conjure up to accomplish the same thing? Single accounts that control many services are convenient. But as Mat Honan experienced, this convenience comes with a potential risk not easily calculated.

Written by Darren Boyer

Darren Boyer is the founder and president of pcit.
