Wales

Hack attack on US journalist via Apple iCloud

A journalist has been cut off from his whole digital life by attackers who tricked Apple support into re-setting his iCloud account.The iCloud service co-ordinates everything a customer does on one Apple device to make it available on all their Apple devices.

 

The attack wiped US technology journalist Mat Honan's iPad, iPhone and Macbook and let hackers into his Gmail and Twitter accounts.

Mr Honan is recovering his data and regaining control of the accounts with the help of Apple and Google.

Commentators said the attack showed up the risk of using cloud-based messaging services.

On his blog, Mr Honan said he became aware of the problem when his iPhone went dead and then returned to the set-up screen. He assumed it was just a software error and went to connect it to his Macbook Air to restore the data.

The laptop then started and asked him for a PIN – even though he had never created one on that device. He turned to his iPad and found that had also been reset.

Mr Honan then called Apple support using his wife's iPhone and used her laptop to sign into Gmail. The password for this had been changed and the backup sent to his iCloud account – to which he no longer had access.

It was this attack, said Mr Honan, that produced the rude messages that briefly appeared on the Twitter account of Gizmodo – Mr Honan's employer. The attackers got access to this account because it was linked to his personal Twitter feed.

Mr Honan has been able to find out exactly what happened because one of his attackers, a member of a hacking group called Clan Vv3, got in touch and told him how they did it.

The hackers called Apple technical support and used social engineering techniques to convince staff that they were Mr Honan and that the account needed to be re-set.

Via Gizmodo, Mr Honan has been in touch with contacts at Apple, Google and Twitter who have helped restore access to his accounts. He said Apple was investigating the incident to see how to prevent future attacks.

Derrick Harris at tech news site GigaOm said the attack highlighted some "hard truths" about cloud-based services. Consumers give up control over their digital lives when they sign for iCloud or similar services, he said. "If we want to be part of it, we just have to keep on trusting our providers to keep us safe," he added.

Written by

Tim Mitchell

In partnership with