How Apple and Amazon Security Flaws Led to The Epic Hacking of Mat Honan
Meet Mat Honan. He just had his digital life dissolved by hackers.
On Friday Aug.3.2012 Mat Honan’s personal Computer (PC) system was invaded by hackers. In the space of one hour, Mat’s entire digital life was destroyed. First his google account was taken over, then deleted. Next his twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, Honan’s Apple ID account was broken into, and his hackers used it to remotely erase all of the data on his IPhone, IPad, and MacBook. Had he been regularly backing up the data on his MacBook, he wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of his daughter, or documents and e-mails that he had stored in no other location. -Honan realized something was wrong at about 5 p.m. on Friday. He was playing with his daughter when his iPhone suddenly powered down. He was expecting a call, so he went to plug the phone back in. It then rebooted to the setup screen. This was irritating, but he wasn’t concerned. He assumed it was a software glitch. And, his phone automatically backs up every night. He just assumed it would be a “pain in the ass”, and nothing more. He entered his iCloud login to restore, and it wasn’t accepted. Again, although he was irritated, he was not alarmed. He went to connect the iPhone to his computer and restore from that backup, which he had just done the other day. When he opened his laptop, an iCal message popped up telling him that his Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN, which he never had. By now, Mat knew something was very wrong. For the first time it occurred to him that he was being hacked. Unsure of exactly what was happening, he unplugged his router and cable modem, turned off the Mac Mini which his entire family uses as an entertainment center, grabbed his wife’s phone, and called AppleCare, the company’s tech support service, and spoke with a representative for the next hour and a half. It wasn’t the first call they had had that day about Mat’s account. In fact, he later found out that a call had been placed just a little more than half an hour before his own. But the Apple representative didn’t bother to tell him about the first call concerning his account, despite the 90 minutes he spent on the phone with tech support. Nor did Apple tech support ever tell him about the first call voluntarily, it only shared this information after he asked about it. And he only knew about the first call because a hacker told him he had made the call himself. At 4:33 p.m., according to Apple’s tech support records, someone called AppleCare claiming to be Mat Honan. Apple says the caller reported that he couldn’t get into his Me.com e-mail, which, of course was Mat’s Me.com e-mail. In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions which Mat had set up. And Apple did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone could discover. At 4:50 p.m., a password reset confirmation arrived in Mat’s inbox. He hardly really used his me.com e-mail, so he rarely checked it. But even if he did, he might not have noticed the message because the hackers immediately sent it to the trash. They then were able to follow the link in that e-mail to permanently reset his AppleID password. At 4:52 p.m., a Gmail password recovery e-mail arrived in Mat’s me.com mailbox. Two minutes later, another e-mail arrived notifying him that his Google account password had changed. At 5:02 p.m., they reset his Twitter password. At 5:00 they used iCloud’s “Find My” tool to remotely wipe Mat’s iPhone. At 5:01 they remotely wiped his iPad. At 5:05 they remotely wiped his MacBook. Around this same time, they deleted his Google...
Please join StudyMode to read the full document