Hackers remotely erase journalist's iPhone, iPad and MacBook
Tech journalist and former Gizmodo reporter Mat Honan had his iCloud account hacked and his iPhone, iPad and MacBook remotely erased by hackers last Friday. The hackers are supposedly from the hacker group Clan Vv3, which used social engineering techniques to gain control of Honan's iCloud account.
The hackers also leveraged his Apple (NASDAQ: AAPL) ID account to break into his Google (NASDAQ: GOOG) account. This information was subsequently used to access Honan's Twitter account, and because it was linked to Gizmodo's Twitter account, was used to send racists tweets. Additionally, Honan's smartphone, tablet and Mac laptop were remotely erased as collateral damage--just to prevent him from using them to regain access to his iCloud account.
The crux of the issue is how varying account-reset mechanisms--used in different cloud services--can be exploited to gain control of an online service without brute force hacking. To reset an Apple ID, all someone needs to provide is an associated email address, the billing address and the last four digits of a credit card number on file. The first two items can be gleaned from various online services or even regular searches on Google.
It was the acquisition of the credit card information that was interesting, since it involved another level of social engineering to gain control of an Amazon (NASDAQ: AMZN) account. Once in, the hacker was able to see the last four digits of the registered credit card number, or other adequate information, which was then used to reset the iCloud account.
Apple has admitted that its internal policies were not "followed completely" in this situation. "In this particular case, the customer's data was compromised by a person who had acquired personal information about the customer," said Apple spokesperson Natalie Kerris to Wired. "We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."
You can get the full low-down on what happened from this Wired article titled, "How Apple and Amazon security flaws led to my epic hacking," which was written by Honan. The report offers a blow-by-blow account and details on how the hackers were able to gain control of his Amazon account.