- I still do not see this as a platform issue. Regardless of what happened ultimately, the breakdown here was one of operational controls in place in the customer service area.
That is a human failure and that human failing essentially gave away the keys to the house.
If the individual were able to execute this "hack" independent of the assistance of a person at Apple THEN and only then could this be purely considered a platform failure.
On a fully integrated platform a single password grants the user access to basically wipe out a person. As I was saying with Filmgirl, there needs to be more layers.
A single brute force and everything is gone for a user.
08-05-12 05:12 PM
- And BB Protect would wipe a single device, this user had his iPhone/iPad/MacBook wiped, which could be a user's entire electronic life, all data and backups would be inside that MacBook,
08-05-12 05:15 PM
- BlackBerry Protect can reset your password. It won't let you know the userID but if you know yours it will let you do a password reset using your email address. AFAIK there is no customer support for it. You either have the info or you don't, that simple.
08-05-12 05:26 PM
- Branta, Retired Network Mod
Would it be out of place to speculate that there is no love lost between Apple and Gizmodo after the stolen iPhone fiasco? A route into Gizmodo's twitter would be a gift like free beer for life to Apple. I'm not suggesting this could be dirty tricks from Cupertino, just noting a strange coincidence with only weeks to go before Apple's next launch.
08-05-12 05:31 PM
- This made me laugh quite a bit, lol...
I think there's more than one issue here.. I read the other article (of the opposite situation from the OP) and I think what it shows is that a better system for identity verification must be employed. Voice recognition software, visual confirmation of identity, or whatever... but SOMETHING that makes the identity of the customer un-doubt-able. For an intruder to call, get around (or through) security questions and get into someone's account is just.... downright scary to think about...
Now, that being said... One should always use security questions that only they themselves know the answer to...
08-05-12 08:57 PM
- With each new iPhone activation Apple should just issue an optional RSA security fob like I have with my bank. It generates a random 6 digit code every minute whose randomness pattern as I understand it is linked to the fob's serial number.
Then anyone that needs to do a wipe needs not just a password but also the code which differs minute to minute.
If you do stuff that matters store your fob after activating it on iCloud.
Sent from my flip-phone.
08-05-12 10:55 PM
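The fob idea in the post above, sketched as an added example (not code from the thread, Apple or RSA): it substitutes the open RFC 6238 TOTP algorithm for RSA's proprietary one, with a 60-second step to match the "every minute" description. The `WipeGate` and `make_gate` names and all sample values are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; the post describes a code that changes every minute


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class WipeGate:
    """Hypothetical server-side check in front of a remote-wipe request."""

    def __init__(self, password_hash: bytes, salt: bytes, secret: bytes, window: int = 1):
        self.password_hash, self.salt, self.secret = password_hash, salt, secret
        self.window = window      # accept +/- this many steps of clock drift
        self.last_used_step = -1  # highest step already consumed (replay guard)

    def authorize(self, password: str, code: str, now: int) -> bool:
        supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        password_ok = hmac.compare_digest(supplied, self.password_hash)
        current = now // STEP
        matched = None
        for step in range(current - self.window, current + self.window + 1):
            expected = totp(self.secret, step * STEP).encode()
            # Constant-time compare; steps at or below last_used_step are spent.
            if step > self.last_used_step and hmac.compare_digest(expected, code.encode()):
                matched = step
        if password_ok and matched is not None:
            self.last_used_step = matched  # a code is good for one wipe request only
            return True
        return False  # the password alone, or the code alone, is not enough


def make_gate(password: str, secret: bytes, window: int = 1) -> WipeGate:
    salt = b"constructed-salt"  # constructed sample; use os.urandom(16) in practice
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return WipeGate(digest, salt, secret, window)
```
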
This made me laugh quite a bit, lol...
I think there's more than one issue here.. I read the other article (of the opposite situation from the OP) and I think what it shows is that a better system for identity verification must be employed. Voice recognition software, visual confirmation of identity, or whatever... but SOMETHING that makes the identity of the customer un-doubt-able. For an intruder to call, get around (or through) security questions and get into someone's account is just.... downright scary to think about...
Now, that being said... One should always use security questions that only they themselves know the answer to...
Life would be simpler if users would simply use good passwords and not forget their passwords. See, I just solved 80% of the world's problems.
08-06-12 08:20 AM
- Would it be out of place to speculate that there is no love lost between Apple and Gizmodo after the stolen iPhone fiasco? A route into Gizmodo's twitter would be a gift like free beer for life to Apple. I'm not suggesting this could be dirty tricks from Cupertino, just noting a strange coincidence with only weeks to go before Apple's next launch.
08-06-12 10:26 AM
- I'm glad a weakness has been exposed, and that it involved a public figure, which opened up debate.
Now they'll make it better.
Users win.
08-06-12 08:22 PM
- Very interesting story here:
Apple allowed a hacker to wipe user's iOS devices
I know the typical Apple user doesn't give a single thought to device security when making their purchase, but might they if they wake up to a wiped device?
And what about those companies giving in to the BYOD movement? Perhaps RIM's security is valuable after all?
We'll see...
08-06-12 09:12 PM
- The full story. Very interesting. Gmail 2 factor authentication could have prevented the exploit in this case. Strange that Google provide that additional layer of security when people think Google are the most insecure.
How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com
08-07-12 06:51 AM
- A lot of people (BlackBerry users included) have an Apple ID, they use it for iTunes, they're all vulnerable to this attack. Wiping of the devices was a secondary (albeit nasty) goal to the attacker's primary goal of exploiting the victim's twitter.
If Apple and Amazon fix the primary problems it will have the effect of fixing the device access/wipe risk also.
I wouldn't gloat though, I doubt it would be impossible to exploit a BBID in this way also.
Last edited by xandermac; 08-07-12 at 09:06 AM.
08-07-12 08:59 AM
- Are you implying that security doesn't concern me? I apologize if that is the message you inferred. It does concern me. The security of the device itself isn't the issue here though, it's the security of Apple and Amazon, and to a lesser extent Google. The procedures for password recovery/Account access need to be reviewed at all these companies (and any company that uses challenge/response as a means to ID verification).
A lot of people (BlackBerry users included) have an Apple ID, they use it for iTunes, they're all vulnerable to this attack. Wiping of the devices was a secondary (albeit nasty) goal to the attacker's primary goal of exploiting the victim's twitter.
If Apple and Amazon fix the primary problems it will have the effect of fixing the device access/wipe risk also.
I wouldn't gloat though, I doubt it would be impossible to exploit a BBID in this way also.
Of the three highlights above...I didn't quote you before, Xander, because I wasn't speaking of you. Those have all been responses I've received when I've mentioned the importance of security.
On the second highlighted item, I've got an iTunes account and I've got an iPhone and an iPad. This concerns me personally....
...therefore....
I wasn't gloating. I was, however, sarcastically repeating those things that were mentioned to me each time I've stated that security of device and platform are of paramount importance to me.
That someone as savvy as a tech blog writer would fall prey to this kind of attack highlights, unfortunately for him, the deficiencies in Apple's platform/customer service. I combine them because customer service supports the platform, therefore although not a functionality of the platform it is by nature inherently linked to it. A platform is only as good as its security and I include the folks who are there to verify your identity when something goes wrong. That would be customer service. Unfortunate that one of Apple's shining attributes, its stellar customer service, would cause such a black eye to the company.
Will I buy the next iPhone? You bet. Will I throw away my iPad? H3LL no. Does this worry me? Yup.
So no, this will not harm Apple's ultimate draw for consumers. To secure agencies....let me simply say there are a lot of heads shaking here at work today.
08-07-12 09:31 AM
- That someone as savvy as a tech blog writer would fall prey to this kind of attack highlights, unfortunately for him, the deficiencies in Apple's platform/customer service. I combine them because customer service supports the platform, therefore although not a functionality of the platform it is by nature inherently linked to it. A platform is only as good as its security and I include the folks who are there to verify your identity when something goes wrong. That would be customer service. Unfortunate that one of Apple's shining attributes, its stellar customer service, would cause such a black eye to the company.
As a user, I don't have the option of even suspending those accounts until the vulnerability is fixed and that is disgusting.
08-07-12 09:56 AM
- Guess I'm even happier about using Windows right now
08-07-12 01:19 PM
- This is the biggest thing about this incident! I can't even begin to think about how screwed I would be if I had my phone, tablet, and laptop all wiped at the same time. I back up my work once a week, but even if I only lost 2 days worth of work on my laptop because of this I would be pissed!!
Guess I'm even happier about using Windows right now
08-07-12 01:25 PM
Could this lead to the fall of Apple?