Tuesday, August 7, 2012

How Did Apple Allow Hackers to Access iCloud Account?

apple icloud
The Internet is abuzz last week as a result with the Gizmodo Twitter account getting hijacked. That incident was traced returning to the hack of your Apple iCloud account--allegedly accomplished through social engineering.

A Forbes.com story from Adrian Kingsley-Hughes explains that the former contributor for Gizmodo, Mat Honan, was the original victim in the attack. Hackers could access Honan’s iCloud account, and remotely wipe his iPhone, iPad, and MacBook. The original theory was that the hackers used a brute force attack to crack Honan’s iCloud password, but further investigation said social engineering was applied to convince Apple the attackers were Honan, and Apple gave them the secrets to walk right in.
Color me incredulous!

Why? Well, I have my personal story of Apple woe--and yes it’s the exact opposite experience. I somehow lost access to my own email address for usage on iTunes, iCloud, along with other Apple services, plus it took months of fighting with Apple Support to finally reach the bottom of things and obtain into my own, personal account. I couldn’t get Apple Support to give me access to my very own account, don't worry someone else’s.

I had originally create my Apple ID using my primary current email address. I didn’t possess problem for months, maybe even years. Then, 1 day it simply wouldn’t work. The Apple system claimed it was already being used on another Apple ID account.

I assumed I’d been hacked somehow. It’s my email address. I own the domain. Nobody else may use my email address with a different Apple ID account “on accident”.

Initially, Apple Support directed me to simply use a different email. I did that like a temporary treatment for enable me to access iTunes along with other Apple services, but it was a Gmail address that I created just for that purpose. I don’t use Gmail, and I had no intention of starting, so I was still determined to get my own email address back.

In my experience, Apple security was almost too tight. I tried repeatedly to reset the password for my current email address, though the reset confirmation emails never arrived. The reason? The confirmation emails are delivered to an emergency rescue backup email. I had no idea what account was using my email address contact information, so I had no way of knowing where those emails were being delivered.

No problem. You can also verify your identity to reset your Apple ID by answering security questions. The first one--the gateway to arrive at the actual security questions--is your birth date. I entered my birth date, and the Apple system informed me I was wrong…about my own date of birth.

Every time I’d contact Apple Support I would have the same default answers, and “solutions” that wouldn’t work. Apple Support would explain that my email address contact information was already being used on another Apple ID account, knowning that until it was removed from that account I’d be unable to use it.
Exasperated, I’d explain again that I can’t remove the email from the Apple ID account because I had no idea what the Apple ID account was, or how gain access to it. Eventually, I’d become frustrated and quit. After a couple of months, I’d contact Apple support and try again.

After many conversations and attempts, I finally a breakthrough…sort of. An Apple Support person “cracked” and provided me with an email address from the Apple ID related to my email. It was my wife’s. However, we logged directly into her Apple ID account to remove my email address and found no sign whatsoever from it being there.

Once again, I contacted Apple Support. I explained that I can establish it’s my domain, and I can prove it’s my email, and I asked that my case be escalated to someone able to simply deleting my email address contact information from the other Apple ID forcibly. Then I was told it was actually attached to, or associated with four different Apple IDs, but Apple couldn’t do what I asked. I wasn’t pleased.

I got my email back. After at least a year of attempts, and possibly seven or eight different sessions with Apple Support, one of them finally “slipped” and set it up a crucial amount of information. It turned out that I was the one that stole my own, personal email address.

The email was connected with an Apple “me.com” address. Two of them, actually--and these folks were both mine. I never saw the reset confirmation emails because I’ve never actually used the “me.com” email addresses and I wasn’t set up to get the messages. The date of birth verification and account security questions wouldn’t work, because I never set them up in the first place.

I do recall creating the “me.com” accounts to evaluate some things out, but it wasn’t a challenge immediately. My guess is the fact that Apple changed some rules on the backend after I had used my email address as an alternate contact on these other accounts, and that locked me from using it as my primary email on the Apple ID I actually use.

The bottom line is always that I found Apple Support to be tight-lipped to your fault, and I’m surprised the attackers within the Mat Honan / Gizmodo incident had the ability to social engineer their way into his iCloud account. It took me more than a year to “social engineer” my way into my personal Apple ID.

Perhaps that says more about my deficiency of social engineering skills than it does about Apple security measures, but I can vouch for the fact that accessing someone’s Apple account is no simple feat.

Source : seetechno.com


Powered by Blogger.

Link Friend's

( A )Aan20 | Achinllg | Andiebuytank | Anotherstoryfromme | Anak Nelayan | Arsipanberita | Auto-runs | Autoins21 ( B ) Bestcamera | BANYAKILMU | BlogCenti | Blekenyek | bizril | BUTIKU PALACE | Bayu The Maniac | BLOGGING TUTORIAL | BisAwanG | Blog-adhi | BlogIndonsesia | Business Blog ( C ) Cindybitney | Crunchour | Cah-eleq | Cacainadjourney | Coolkillady | Cyndimac72 | Celebryti | CENTRE-ICE ( D ) DiMensi Berita | Demcyapdiandias ( E ) emie-myrecollection | Eri-communicator | Ebooks Recourses ( F ) Free Toefl | Fraudmamy | faiUnismaMalang | Freedommessage ( G ) Geekymother | GaMinGtV | Goceng's Blog | Gitarkeren | GET REAL RICH | Gratistutorialebook ( H ) Haiabrakadabra | Hasannudin | Healthupyourlife ( I ) Tips dan Trik Komputer | Infobiznisonliner | Indulge! by veronizm | Internazionale Milan And Indonesian Culture | IRMAGI BLOG | Idonbiu ( J ) Jurassicparktoys | Jigalbigal | Joshlynreyn | John Thor ( K ) Katiebug05 | KALTENG004 | Kualatungkalboy | Kolom-tutorial ( L ) Louisdizon | Lulu-bitz-and-pieces ( M ) Muatringtone | Masih-berharap - N - ( O ) Obamainthewhitehouse | OJIENLING | O-OM ( P ) Pinkflower9978 | Perawatan-ac | Psikologizone | Pelangihorison - Q - ( R ) Rewangz | Raini-aikidoka | RETAPNP | RAKEARTS | Rokoksalemforex | rklivengood1128 | Rachmattullah ( S ) SAngMilyader | Saif569 | selfesteemblogforwomen | Sproutkzoo | sinay blog | SIJAGUR | So-bat ( T ) Tipspack | TUKAR INFO | TECHZEST | texaswithlove1982 | Timontius P | Tukar Link dan Promosi Website ( U ) Unmyst3 ( V ) VIJAY SUPERSTAR | Visitindonesianow | View the world | Vestpension ( W ) Weisse-schokolade | Welcomemynewblog | Winecountryconcepts | World of Cricket | World Health Medicine ( X ) Xander ( Y ) Yudhi-xiii | Yezdibooo - Z - zeppoawards


Copyright © . Technology | Android Tablet | Computer | Apps - Posts · Comments
Theme Template by BTDesigner · Powered by Blogger