The Inquirer-Home

Apple and Amazon plug security holes exposed by Icloud hack

No more changing your details over the phone
Thu Aug 09 2012, 16:55

A HIGH-PROFILE HACKING ATTACK has caused both Apple and Amazon to review their security practices after weaknesses in both their systems were exposed online.

On Friday, Mat Honan, a senior writer at Wired.com, exposed vulnerabilities in both Apple's and Amazon's security practices, after the companies gave a hacker access to his personal details over the phone. This hacker gained access to Honan's Apple account, which resulted in his Ipad, Iphone and Macbook being wiped.

The hacker also gained access to Honan's Twitter account, which saw embarrassing updates posted to the Wired.com Twitter account.

While Honan admitted that he should have backed up his data more often and that setting up two-factor authentication on his Gmail account would have protected his and Wired's Twitter accounts, he exposed some serious flaws in the ways both Apple and Amazon operated.

He said in a blog post, "What happened to me exposes vital security flaws in several customer service systems, most notably Apple's and Amazon's.

"Apple tech support gave the hackers access to my Icloud account. Amazon tech support gave them the ability to see a piece of information - a partial credit card number - that Apple used to release information."

"In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices."

Since the high-profile hack was exposed, both companies have announced changes to their security practices. Apple has stopped processing password resets over the phone, while Amazon has stopped accepting changes to account settings over the phone.

Both Apple and Amazon declined to provide further comment on their security changes. µ

 
