Remember Mat Honan, the journalist whose iCloud account was compromised after an Apple representative handed out the account password to a bunch of hackers? If reading Honan’s first impressions of the affair wasn’t disturbing enough (has anyone disabled their iCloud account yet?), anyone hooked up to a cloud-powered service might be interested in reading the full, in-depth article recently published in Wired and written by Honan himself.
If you didn’t read our original article, here it is in a nutshell: Mat Honan’s iPhone, iPad and MacBook were all rendered unusable after his iCloud account was hacked. After speaking with Apple for some time, Honan discovered that one of the hackers, armed with personal information on Honan, had phoned Apple, impersonated the journalist, and gained the account password after answering a handful of security questions.
Clearly, this got a lot of iDevice owners worried about the security of their own iCloud accounts. Honan was eventually able to regain access to his accounts (Gmail and Twitter came under fire, too), but the ease of the hack itself is somewhat disturbing. Honan writes in his article:
But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.
Ultimately, Honan’s experience has led many of us to question the security of cloud-based services like Apple’s iCloud. If we’re indeed moving towards a cloud-powered computing experience (just look at the flagship MacBook Air if you think offline computing is the future), security must be strengthened and cases such as Honan’s must cease if companies like Apple want users’ cloud accounts to remain “open.”
Be sure to take a look at the Wired article.