The future is now. Our devices are interconnected, and that linking where everything can access everything is wonderful. But it turns out there’s a dark side, too: All that connectivity makes it much easier for an attacker to compromise all our data, no matter where it is. Wired’s Mathew Honan learned this the hard way over the weekend, as a hacker not only gained access to his devices, but also wiped all the data from them causing a fair bit of mayhem along the way.
As Honan reported on his blog, he was hacked hard. And the attacker didn’t use complicated algorithms to brute force his way into Honan’s accounts. Instead, the hacker reportedly called up Apple’s technical support line, pretended to be Honan, and successfully provided answers to Honan’s self-selected security questions—the very ones Apple asks of all iCloud customers, to ensure that their accounts are secure. (We contacted Apple to confirm that account of events, but the company hasn’t responded.) [Update: Honan has said via Twitter that the hacker did not provide security question answers, but rather compromised the account in a different way.]
That’s a technique called “social engineering,” which takes advantage of what is often seen to be the weakest link in the security chain: other people. Even the most secure password in the world can be compromised if you can convince the person on the other end of a phone line that you’re the account holder in question.
Merely having his Twitter and Gmail accounts compromised, and the data on his iPad, iPhone, and Mac wiped out would be bad enough for Honan (who, we should note, is a former Macworld editor). What made matters worse in Honan’s case was the fact that he lacked any backups for more than a year’s worth of data.
The take-home lesson for the rest of us, then, is that our security is multi-faceted. There are many steps you can take to keep your data secure, and some important questions you might want to consider before you sign up for new services or add new devices.
Secure that password!
Any password can be compromised (especially given enough time or inclination). But a secure password is still your first line of defense. Using common data like a birthday or a child’s name can be guessed by anyone who has access to your Facebook profile. And yet, past password leaks have shown that many users still rely on inane passwords like ‘1234’ or even just the word ‘password.’ Those are in many cases as ineffective as having no password at all.
A good password has two important qualities. First, unlike the aforementioned passwords, it’s hard to guess, meaning that somebody has to either trick a person into revealing their password, or perform what’s called a brute-force attack—essentially, trying every possible password until they hit upon the correct one.
Read more: http://www.macworld.com/article/1168035/security_in_the_icloud_age.html#lsrc.rss_main
There are no comments for this article.