Cloud Security Doubts Are Growing And, In A Way, That's A Good Thing
- Created: Monday, 06 August 2012 21:38
The Steve Wozniak quotes sound a little flaky, and Wozniak is not famous for being grounded. But this is the cofounder of Apple, a visionary talking.
"I really worry about everything going to the cloud,” Wozniak reportedly said at a public appearance. “I think it's going to be horrendous. I think there are going to be a lot of horrible problems in the next five years.”
More disturbing is the account of tech reporter Mat Honan, who writes for Wired and used to write for Gizmodo. This is a sophisticated techie who got hacked hard.
“At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash,” Honan said in his personal blog, where he first reported the incident. “My password was a seven digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years.”
In an update, Honan said the hacker contacted him, and that he also had figured out how, in the space of an hour, the hacker hijacked his Google account and then deleted it, posted racist, homophobic tweets to his Twitter account, and -- worst of all -- remotely wiped all his data from his iPhone, iPad, and MacBook Air laptop.
“I know how it was done now,” Honan said. “Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.”
According to Honan, the hacker first got access to his Amazon account and saw the last four digits of his credit card. The hacker then called Apple and used those four digits to get Apple customer service to waive the security questions needed to confirm his identity.
The hacker, I would guess, told Apple customer service that he was Mr. Honan and that he could prove by giving them the last four digits of the card he had on file at Apple. Something like that.
“Apple tech support gave the hackers access to my iCloud account,” Honan said in his most post on the affair on Wired. “Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.”
Security stories will dominate the headlines for months to come. It’s a good thing because to make the cloud work for us everyone is going to have to take security more seriously, including Apple’s customer service people. Not to pick on Apple; just about all customer service departments at big companies would handle such an issue the same way.
Just as society went from smoking cigarettes everywhere in the early 1980s to treating smokers like second-class citizens today, we will have to change our attitudes fast about security. While we all complain about being forced to use strong passwords or other nuisances associated with security, we will all have to adjust to security hassles.