Imagine having your phone, tablet and computer wiped, followed by email accounts hacked and deleted, taking with them nearly your whole digital life. This would be a devastating loss for anyone, but it happens on a fairly regular basis. In the past few months alone, there have been two similar instances, both involving Apple, that’s making users wonder just how safe and secure Apple’s and other companies’ products really are.
Here’s a brief overview of the two high profile Apple security breaches and seven steps you should take to prevent these from affecting you.
Mat Honan’s problem
Mat Honan is a writer for Wired, who in early August had nearly his whole digital life wiped off the map. His article on Wired is a fantastic and scary read, we highly recommend it. To summarize, he had the majority of his website accounts linked together, with one account linked to many. Hackers were able to get into his iCloud account by taking advantage of Apple’s lax password reset.
To begin with, the hacker wanted to take Honan’s Twitter account. They noticed that he had a Gmail account linked to Twitter, and from there was able to find that an Apple account was linked to the Gmail account, as a secondary account. To get access to the Apple account, they reset the password, which requires a billing address and the last 4 digits of the card registered to that account. The card number came from hacking into Honan’s Amazon account, which shows the last 4 digits of the card.
From there, it was a simple step of resetting the Apple account and shortly thereafter the Gmail password, sending the Gmail reset to the registered Apple account address (the secondary address on the Gmail account). Once in control of the Gmail account, asking Twitter to reset the password using the Gmail account and Bob’s your uncle, the hacker had access to the Twitter account.
Apple UDID leaks
In early September infamous hacker group Antisec, related to the hacker group Anonymous, released over 1 million Apple UDIDs. A UDID, Unique Device Identifier, is the code Apple applies to all devices to be able to identify them. Upon the release of the UDIDs, Antisec announced that they had come from a breached laptop, owned by the FBI, and that the FBI was using the UDIDs to track users.
While it’s not known exactly where the breach came from, security experts have been able to prove, to a 98% surety rate, that the UDIDs came from Blue Toad, an app developer that had a digital breach previous to the release of the UDIDs. Blue Toad’s CEO has come forward acknowledging the leak and noted that the company is sure the info came from them, and not the FBI.
While it can be alarming that UDID were out there, users can be assured that passwords were not exposed, as the UDID tends to store information like account name, phone number and address. Yes, contact information is out there, which might raise concerns, but don’t kid yourself, this information, or most of it, is already readily available on the Internet anyway.
With these two, fairly serious incidents, iPhone users are right to be a little wary, and should be taking steps to insure their information is secure. Related to these two events, here’s seven steps you can take to minimize the chances of this happening to you:
- Unlink all essential accounts from one another.
- Set up an email account that’s only used for other account resets.
- Regularly back up all your devices onto a secure hard disk.
- Change your password regularly and use two-factor authentication if available.
- Don’t have the same username or password for all accounts.
- If the information isn’t necessary for your account don’t provide it.
- Delete and never store any credit card numbers.
If you have any questions or concerns about the security of your accounts or systems, please don’t hesitate to call us.
Published on 25th September 2012 by Jeanne DeWitt.