Apple exposed a major flaw in its own iCloud security last week when it allowed a random person to call up and reset the password for Wired editor Matt Honan's iCloud account. This gave the hacker the ability to take control and remotely wipe all of Honan's Mac and iOS devices.
To ensure the same thing doesn't happen again, Apple has now suspended iCloud password resets over the telephone, according to an unnamed employee speaking to Wired. This was confirmed by AppleCare:
Our Apple source's information was corroborated by an Apple customer service representative, who told us Apple was halting all AppleID password resets by phone. The AppleCare representative shared that detail while Wired was attempting to replicate Honan's hackers' exploitation of Apple's system for the second day. The attempt failed, and the representative said that the company was going through system-wide "maintenance updates" that prevented anyone from resetting any passwords over the phone.
The freeze will reportedly remain in place until Apple has determined which security policies it needs to change to prevent a repeat of this situation. "Right now, our system does not allow us to reset passwords," the Apple rep said. "I don't know why."
The rep then advised Wired to call back again in 24 hours, and directed them to iforgot.apple.com, where passwords can be reset online.
It's clear Apple has acknowledged that there is an issue with its current system, then, but it's not clear at this point what the Cupertino company will do to rectify that. It could be that it disables password resets over the telephone altogether, forcing users to use its website. Or it could put extra security measures in place to ensure that callers are indeed the real owner of the accounts they're attempting to access.
When Honan's account was compromised, all the hacker needed to reset the password over the telephone was a name, email address, mailing address and the last four digits of a credit card number linked to his AppleID. Once Honan's password was reset, the hacker gained access to his iCloud account, and all of his Mac and iOS devices linked to it — which were then wiped remotely.
The account also gave the hacker access to Honan's Google account — which was also wiped — his Twitter account, and even the Twitter account of Gizmodo, where Honan previously worked. Apple is now working with Honan in an effort to recover his data.