Sci/Tech iCloud hacked: The Dangerous Side Of Apple's iCloud

tom_mai78101

tom_mai78101

The Helper Connoisseur / Ex-MineCraft Host
Staff member
Reaction score
1,712
Apple‘s iCloud service brings a whole raft of services — email, calendar, contacts, ‘Find My iPhone” and cloud storage — and stores them behind a single username and password. This is very convenient, but if that username and password falls into the wrong hands, you can find yourself very quickly in a world of pain.

This is what happened to Mat Honan, former journalist for Gizmodo and former contributing editor to WIRED magazine. Before the hackers gained access to his Twitter account and that of Gizmodo, the hackers first gained access to his iCloud account, where they caused irrevocable havoc.

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password, and then reset it to do the damage to my devices.

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone.
At 5:01 PM, they remote wiped my iPad.
At 5:05, they remote wiped my MacBook Air.
Click to expand...

The end result, is massive devastation.

www.forbes.com

The Dangerous Side Of Apple's iCloud

iCloud (Photo credit: Wikipedia) Apple's iCloud service brings a whole raft of services -- email, calendar, contacts, 'Find My iPhone" and cloud storage -- and stores them behind a single username and password. This is very convenient, but if that username and password falls into the wrong...
www.forbes.com www.forbes.com
 
Last edited by a moderator:
KaerfNomekop

KaerfNomekop

Swim, fishies. Swim through the veil of steel.
Reaction score
613
That's the risk when you connect to a hive mind. The hive can connect to you.
 
SouLEDGE

SouLEDGE

Damn you advanced calculus
Reaction score
75
So I'm assuming he didnt have any physical backups his devices?
That's like having a car and not having insurance.
When will these people learn -_-
 
KaerfNomekop

KaerfNomekop

Swim, fishies. Swim through the veil of steel.
Reaction score
613
Maybe he had physical backups that were also connected to the hive.
 
FireCat

FireCat

Oh Shi.. Don't wake the tiger!
Reaction score
537
SouLEDGE said:
So I'm assuming he didnt have any physical backups his devices?
That's like having a car and not having insurance.
When will these people learn -_-
Click to expand...
QFT

I still can’t get into Gmail. My phone and iPads are down (but are restoring). Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost at more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else.
Click to expand...
 
Slapshot136

Slapshot136

Divide et impera
Reaction score
471
the icloud was not hacked - deceptive title

and whoever has 0 backups has no right to whine about data loss - it's as simple as that.
 
phyrex1an

phyrex1an

Staff Member and irregular helper
Reaction score
447
Slapshot136 said:
the weak password of a single user was compromised.
Click to expand...
You're wrong and the article is dated. The victim guessed that his password was brute forced, but this turned out to not be the case. Simplified, the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.

The more complex story involves abusing the different policies used by Amazon and Apple to finally grant access to pretty much everything. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
 
FireCat

FireCat

Oh Shi.. Don't wake the tiger!
Reaction score
537
the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.
Click to expand...
Wow that's pretty scary.
 
Slapshot136

Slapshot136

Divide et impera
Reaction score
471
phyrex1an said:
You're wrong and the article is dated. The victim guessed that his password was brute forced, but this turned out to not be the case. Simplified, the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.
Click to expand...

allow me to repeat myself: 1 password was compromised (amazon), I never claimed that it was via a brute force attack or anything - and after that there was a domino effect because the accounts were too closely linked - there was no hacking involved, only a couple of calls that were more social engineering than anything else
 
phyrex1an

phyrex1an

Staff Member and irregular helper
Reaction score
447
Slapshot136 said:
allow me to repeat myself: 1 password was compromised (amazon),
Click to expand...
But it wasn't compromised because it was weak, which is what you claimed. If you read my post carefully you'll also find that I never said it was you who claimed that a brute force attack was used, nor did I claim that anything else than social engineering was going on.

Just to be clear about the password: The password set by the victim on the Amazon account was never known to the attacker. Instead, the attacker was able to reset the password to a email address of the attackers choice using only the billing address of the victim. Using a stronger password wouldn't have helped.
 
You must log in or register to reply here.
General chit-chat
Help Users
  • No one is chatting at the moment.
  • Ghan Ghan:
    Still lurking
     +3
  • The Helper The Helper:
    I am great and it is fantastic to see you my friend!
     +1
  • The Helper The Helper:
    Here is a great appetizer recipe Texas style! https://www.thehelper.net/threads/recipe-chicken-stuffed-poblano-peppers.194086/
  • The Helper The Helper:
    If you are new to the site please check out the Recipe and Food Forum https://www.thehelper.net/forums/recipes-and-food.220/
  • Monovertex Monovertex:
    How come you're so into recipes lately? Never saw this much interest in this topic in the old days of TH.net
  • Monovertex Monovertex:
    Hmm, how do I change my signature?
  • tom_mai78101 tom_mai78101:
    Signatures can be edit in your account profile. As for the old stuffs, I'm thinking it's because Blizzard is now under Microsoft, and because of Microsoft Xbox going the way it is, it's dreadful.
  • The Helper The Helper:
    I am not big on the recipes I am just promoting them - I use the site as a practice place promoting stuff
     +2
  • Monovertex Monovertex:
    @tom_mai78101 I must be blind. If I go on my profile I don't see any area to edit the signature; If I go to account details (settings) I don't see any signature area either.
  • The Helper The Helper:
    You can get there if you click the bell icon (alerts) and choose preferences from the bottom, signature will be in the menu on the left there https://www.thehelper.net/account/preferences
  • The Helper The Helper:
    I think I need to split the Sci/Tech news forum into 2 one for Science and one for Tech but I am hating all the moving of posts I would have to do
  • The Helper The Helper:
    New dessert for Summer - https://www.thehelper.net/threads/recipe-lemon-blueberry-layer-cheesecake.194113/
  • The Helper The Helper:
    What is up Old Mountain Shadow?
  • The Helper The Helper:
    Happy Thursday!
     +1
  • Varine Varine:
    Crazy how much 3d printing has come in the last few years. Sad that it's not as easily modifiable though
  • Varine Varine:
    I bought an Ender 3 during the pandemic and tinkered with it all the time. Just bought a Sovol, not as easy. I'm trying to make it use a different nozzle because I have a fuck ton of Volcanos, and they use what is basically a modified volcano that is just a smidge longer, and almost every part on this thing needs to be redone to make it work
  • Varine Varine:
    Luckily I have a 3d printer for that, I guess. But it's ridiculous. The regular volcanos are 21mm, these Sovol versions are about 23.5mm
  • Varine Varine:
    So, 2.5mm longer. But the thing that measures the bed is about 1.5mm above the nozzle, so if I swap it with a volcano then I'm 1mm behind it. So cool, new bracket to swap that, but THEN the fan shroud to direct air at the part is ALSO going to be .5mm to low, and so I need to redo that, but by doing that it is a little bit off where it should be blowing and it's throwing it at the heating block instead of the part, and fuck man
  • Varine Varine:
    I didn't realize they designed this entire thing to NOT be modded. I would have just got a fucking Bambu if I knew that, the whole point was I could fuck with this. And no one else makes shit for Sovol so I have to go through them, and they have... interesting pricing models. So I have a new extruder altogether that I'm taking apart and going to just design a whole new one to use my nozzles. Dumb design.
  • Varine Varine:
    Can't just buy a new heatblock, you need to get a whole hotend - so block, heater cartridge, thermistor, heatbreak, and nozzle. And they put this fucking paste in there so I can't take the thermistor or cartridge out with any ease, that's 30 dollars. Or you can get the whole extrudor with the direct driver AND that heatblock for like 50, but you still can't get any of it to come apart
  • Varine Varine:
    Partsbuilt has individual parts I found but they're expensive. I think I can get bits swapped around and make this work with generic shit though
  • Ghan Ghan:
    Heard Houston got hit pretty bad by storms last night. Hope all is well with TH.
  • The Helper The Helper:
    Power back on finally - all is good here no damage
     +2
  • V-SNES V-SNES:
    Happy Friday!
     +1
  • The Helper The Helper:
    New recipe is another summer dessert Berry and Peach Cheesecake - https://www.thehelper.net/threads/recipe-berry-and-peach-cheesecake.194169/

      The Helper Discord

      Staff online

      Members online

      Online now:
      350 (members: 2, guests: 348)

      Share this page

      Affiliates

      Hive Workshop NUON Dome World Editor Tutorials

      Network Sponsors

      Apex Steel Pipe - Buys and sells Steel Pipe.
      Top