  1. apengue1's Avatar
    What about BB protect where you can also remotely wipe a device just with a bb Id?
    08-05-12 05:09 PM
  2. _StephenBB81's Avatar
    I still do not see this as a platform issue. Regardless of what happened ultimately, the breakdown here was one of operational controls in place in the customer service area.

    That is a human failure and that human failing essentially gave away the keys to the house.

    If the individual were able to execute this "hack" independent of the assistance of a person at Apple THEN and only then could this be purely considered a platform failure.
    My issue fully stems from how much can be done once a single password is compromised.

    On a fully integrated platform a single password grants the user access to basically wipe out a person. As I was saying with Filmgirl, there need to be more layers.
    A single brute force and everything is gone for a user.
    08-05-12 05:12 PM
  3. _StephenBB81's Avatar
    What about BB protect where you can also remotely wipe a device just with a bb Id?
    You'd need to break the users email address to gain access to BB protect,

    and BB protect would wipe a single device, this user had his iPhone/iPad/MacBook wiped, which could be a users entire electronic life, all data and backups would be inside that MacBook,
    08-05-12 05:15 PM
  4. dentynefire's Avatar
    BlackBerry Protect can reset your password. It won't let you know the userID but if you know yours it will let you do a password reset using your email address. AFAIK there is no customer support for it. You either have the info or you don't, that simple.
    08-05-12 05:26 PM
  5. Branta's Avatar
    Would it be out of place to speculate that there is no love lost between Apple and Gizmodo after the stolen iPhone fiasco? A route into Gizmodo's twitter would be a gift like free beer for life to Apple. I'm not suggesting this could be dirty tricks from Cupertino, just noting a strange coincidence with only weeks to go before Apple's next launch.
    08-05-12 05:31 PM
  6. fragment137's Avatar
    This made me laugh quite a bit, lol...

    I think there's more than one issue here.. I read the other article (of the opposite situation from the OP) and I think what it shows is that a better system for identity verification must be employed. Voice recognition software, visual confirmation of identity, or whatever... but SOMETHING that makes the identity of the customer un-doubt-able. For an intruder to call, get around (or through) security questions and get into someones account is just.... down right scary to think about...

    Now, that being said... One should always use security questions that only they themselves know the answer to...
    08-05-12 08:57 PM
  7. southlander's Avatar
    With each new iPhone activation Apple should just issue an optional RSA security fob like I have with my bank. It generates a random 6 digit code every minute whose randomness pattern as I understand it is linked to the fob's serial number.

    Then anyone that needs to do a wipe needs not just a password but also the code which differs minute to minute.

    If you do stuff that matters store your fob after activating it on icloud.

    Sent from my flip-phone.
    08-05-12 10:55 PM
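
The scheme suggested in the post above (a remote wipe needs the password plus a code that changes every minute), sketched as an added example that is not part of the original thread. It uses the open RFC 6238 TOTP algorithm as a stand-in for the fob's own algorithm; the names `fob_code` and `WipeAuthorizer` and the per-fob secret seed are assumptions for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the post describes a code that changes every minute
DIGITS = 6

def fob_code(seed: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class WipeAuthorizer:
    """Hypothetical server-side gate: a wipe needs the password AND a fresh code."""

    def __init__(self, seed: bytes, drift_steps: int = 1):
        self.seed = seed                 # secret shared with the user's fob
        self.drift_steps = drift_steps   # tolerate +/- one minute of clock drift
        self.last_used_step = -1         # highest time step already accepted

    def authorize_wipe(self, password_ok: bool, code: str, now: int) -> bool:
        if not password_ok:
            return False
        current = now // STEP_SECONDS
        for step in range(current - self.drift_steps,
                          current + self.drift_steps + 1):
            if step < 0 or step <= self.last_used_step:
                continue                 # never accept a code twice (replay)
            expected = fob_code(self.seed, step * STEP_SECONDS)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used_step = step
                return True
        return False

if __name__ == "__main__":
    seed = b"12345678901234567890"       # constructed test seed from RFC 4226
    gate = WipeAuthorizer(seed)
    code = fob_code(seed, 65)
    print(code, gate.authorize_wipe(True, code, 65))   # accepted once
    print(gate.authorize_wipe(True, code, 70))         # replay is refused
```

A stolen or reset password alone fails the check, and a code observed once cannot be reused because the accepted time step is recorded.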
  8. Blackberry_boffin's Avatar
    This wasn't about device security. The phone was not hacked.
    Yes.
    The service was duped, which is actually worse.
    08-06-12 07:56 AM
  9. Mr.Willie's Avatar
    You'd need to break the users email address to gain access to BB protect,

    and BB protect would wipe a single device, this user had his iPhone/iPad/MacBook wiped, which could be a users entire electronic life, all data and backups would be inside that MacBook,
    Every good Mackie has a Time Machine backup. I believe iCloud backups are iOS only.


    This made me laugh quite a bit, lol...

    I think there's more than one issue here.. I read the other article (of the opposite situation from the OP) and I think what it shows is that a better system for identity verification must be employed. Voice recognition software, visual confirmation of identity, or whatever... but SOMETHING that makes the identity of the customer un-doubt-able. For an intruder to call, get around (or through) security questions and get into someones account is just.... down right scary to think about...

    Now, that being said... One should always use security questions that only they themselves know the answer to...
    One shouldn't use security questions, they are a security violation, unfortunately most sites and services require them. The guy 'hacked' was a semi public figure, how much of his information is available on FB or a simple Bing search ? It can be quite easy to answer some people's security questions. The clown also linked a business account with a personal account (Twitter). That's just pure laziness.

    Life would be simpler if users would simply use good passwords and not forget their passwords. See, I just solved 80% of the worlds problems.
    08-06-12 08:20 AM
  10. kbz1960's Avatar
    ^^^^ brilliant. Now get everyone to do that.
    08-06-12 08:44 AM
  11. xandermac's Avatar
    Would it be out of place to speculate that there is no love lost between Apple and Gizmodo after the stolen iPhone fiasco? A route into Gizmodo's twitter would be a gift like free beer for life to Apple. I'm not suggesting this could be dirty tricks from Cupertino, just noting a strange coincidence with only weeks to go before Apple's next launch.
    Expose a customer support fiasco right before launching your new product? That sounds a bit more like RIM Australia marketing than Apple.
    08-06-12 10:26 AM
  12. pilsbury's Avatar
    Expose a customer support fiasco right before launching your new product? That sounds a bit more like RIM Australia marketing than Apple.
    Bwhahahahaha . Uh oh, now you've done it.
    08-06-12 06:42 PM
  13. LazyStarGazer's Avatar
    I'm glad a weakness has been exposed, and that it involved a public figure, which opened up debate.

    Now they'll make it better.
    Users win.
    08-06-12 08:22 PM
  14. smoothrunnings's Avatar
    Very interesting story here:

    Apple allowed a hacker to wipe users iOS devices

    I know the typical Apple user doesn't give a single thought to device security when making their purchase, but might they if they wake up to a wiped device?

    And what about those companies giving in to the BYOD movement? Perhaps RIM's security is valuable after all?

    We'll see...
    Just remember every story had three sides to it. Only hearing one side I would have to say Apple might have some security flaws they themselves need to work on but it's not going to stop them from stealing more of RIM's clients.
    08-06-12 09:12 PM
  15. xandermac's Avatar
    The full story. Very interesting. Gmail 2 factor authentication could have prevented the exploit in this case. Strange that Google provide that additional layer of security when people think Google are the most insecure.

    How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com
    08-07-12 06:51 AM
  16. qbnkelt's Avatar
    Why be concerned? Security doesn't matter. It's only geeks wearing foil hats who worry about this. Who cares if pictures of auntie Mabel get out. Unless something happens to me I don't care.
    kbz1960 likes this.
    08-07-12 08:37 AM
  17. xandermac's Avatar
    Why be concerned? Security doesn't matter. It's only geeks wearing foil hats who worry about this. Who cares if pictures of auntie Mabel get out. Unless something happens to me I don't care.
    Are you implying that security doesn't concern me? I apologize if that is the message you inferred. It does concern me. The security of the device itself isn't the issue here though, its the security of Apple and Amazon, and to a lesser extent Google. The procedures for password recovery/Account access need to be reviewed at all these companies (and any company that uses challenge/response as a means to ID verification).

    A lot of people (Blackberry users included) have an Apple ID, they use it for iTunes, they're all vulnerable to this attack. Wiping of the devices was a secondary (albeit nasty) goal to the attackers primary goal of exploiting the victims twitter.

    If Apple and Amazon fix the primary problems it will have the effect of fixing the device access/wipe risk also.

    I wouldn't gloat though, I doubt it would be impossible to exploit a BBID in this way also.
    Last edited by xandermac; 08-07-12 at 09:06 AM.
    08-07-12 08:59 AM
  18. qbnkelt's Avatar
    Are you implying that security doesn't concern me? I apologize if that is the message you inferred. It does concern me. The security of the device itself isn't the issue here though, its the security of Apple and Amazon, and to a lesser extent Google. The procedures for password recovery/Account access need to be reviewed at all these companies (and any company that uses challenge/response as a means to ID verification).

    A lot of people (Blackberry users included) have an Apple ID, they use it for iTunes, they're all vulnerable to this attack. Wiping of the devices was a secondary (albeit nasty) goal to the attackers primary goal of exploiting the victims twitter.

    If Apple and Amazon fix the primary problems it will have the effect of fixing the device access/wipe risk also.

    I wouldn't gloat though, I doubt it would be impossible to exploit a BBID in this way also.

    Of the three highlights above...I didn't quote you before, Xander, because I wasn't speaking of you. Those have all been responses I've received when I've mentioned the importance of security.

    On the second highlighted item, I've got an iTunes account and I've got an iPhone and an iPad. This concerns me personally....

    ...therefore....

    I wasn't gloating. I was, however, sarcastically repeating those things that were mentioned to me each time I've stated that security of device and platform are of paramount importance to me.

    That someone as savvy as a tech blog writer would fall prey to this kind of attack highlights, unfortunately for him, the deficiencies in Apple's platform/customer service. I combine them because customer service supports the platform, therefore although not a functionality of the platform it is by nature inherently linked to it. A platform is only as good as its security and I include the folks who are there to verify your identity when something goes wrong. That would be customer service. Unfortunate that one of Apple's shining attributes, its stellar customer service, would cause such a black eye to the company.

    Will I buy the next iPhone? You bet. Will I throw away my iPad? H3LL no. Does this worry me? Yup.

    So no, this will not harm Apple's ultimate draw for consumers. To secure agencies....let me simply say there are a lot of heads shaking here at work today.
    08-07-12 09:31 AM
  19. xandermac's Avatar
    That someone as savvy as a tech blog writer would fall prey to this kind of attack highlights, unfortunately for him, the deficiencies in Apple's platform/customer service. I combine them because customer service supports the platform, therefore although not a functionality of the platform it is by nature inherently linked to it. A platform is only as good as its security and I include the folks who are there to verify your identity when something goes wrong. That would be customer service. Unfortunate that one of Apple's shining attributes, its stellar customer service, would cause such a black eye to the company.
    It bothers the heck out of me that anyone motivated enough can use a combination of Amazon/Apple to hack my account. Those two companies had better change something real quick before Al Franken gets all up their arses.

    As a user, I don't have the option of even suspending those accounts until the vulnerability is fixed and that is disgusting.
    BlackStormRising likes this.
    08-07-12 09:56 AM
  20. gregorylkelly's Avatar
    You'd need to break the users email address to gain access to BB protect,

    and BB protect would wipe a single device, this user had his iPhone/iPad/MacBook wiped, which could be a users entire electronic life, all data and backups would be inside that MacBook,
    This is the biggest thing about this incident! I can't even begin to think about how screwed I would be if I had my phone, tablet, and laptop all wiped at the same time. I back up my work once a week, but even if I only lost 2 days worth of work on my laptop because of this I would be pissed!!

    Guess I'm even happier about using Windows right now
    08-07-12 01:19 PM
  21. xandermac's Avatar
    This is the biggest thing about this incident! I can't even begin to think about how screwed I would be if I had my phone, tablet, and laptop all wiped at the same time. I back up my work once a week, but even if I only lost 2 days worth of work on my laptop because of this I would be pissed!!

    Guess I'm even happier about using Windows right now
    Granted, it is a scary prospect but the person you quoted is incorrect, BB Protect will wipe any device linked to the account (just like the Apple system) not just one device (unless that's all you have linked). All devices linked to BB Protect show up at http://protect.blackberry.com/protect and they merely take a click to wipe, just like the Apple system. If someone gains access to your account they can wipe whatever they choose, in Apple's case that can be iPhone, iPad, iPod, Mac or whatever you have chosen to link.
    08-07-12 01:25 PM