HACKING MAT HONANBill Condo // 12/12/2012

Thursday, December 13, 12

WHO IS MAT HONAN?

Senior Writer at Wired

honan.net@mat

Thursday, December 13, 12

WHAT HAPPENED?

• Amazon.com Account Compromised

• Apple / iTunes Account Compromised

• Gmail Hacked

•Mac Wiped

• iPhone Wiped

• Twitter Account Stolen

Thursday, December 13, 12

TIMELINE• 4:33 p.m. Attacker calls Apple support, requests a reset without being able to answer the security questions. Reset email sent.

Data Required: E-mail address (website, Gmail), credit card number (via Amazon), billing address (whois).

• 4:50 p.m. Reset email arrives to me.com email, and sent to trash. Email then used to to set a new password.

• 4:52 p.m. Gmail password reset sent to me.com email. Attacker resets Gmail password, then notice email is sent to me.com.

• 5:00 p.m. iCloud’s Find My tool used to wipe Mat’s iPhone.

• 5:01 p.m. iCloud’s Find My tool used to wipe Mat’s iPad.

• 5:02 p.m. Twitter password reset email sent. Attacker sets a new Twitter password.

• 5:05 p.m. iCloud’s Find My tool used to wipe Mat’s MacBook Pro.

• 5:10 p.m. Mat calls Apple Care.

• 5:12 p.m. Attacker posts to Twitter. with Mat’s account.

Thursday, December 13, 12

FAILURES

• Amazon accounts can be easily compromised.

• Apple Care doesn’t enforce security questions.

Thursday, December 13, 12

WHAT’S REALLY NEEDED?

•Do you need remote wipe?

•Do you need to store credit cards?

•Do you need public whois info?

Thursday, December 13, 12

DO: BACKUP

• Consider both local snapshots and off-site backup options

• Time Machine (Mac) or Windows Backup (PC)

• Carbonite, BackBlaze, Mozy are some of the off-site options

• Test / Verify Backups

Thursday, December 13, 12

DO: SETUP 2ND EMAIL

• Consider a second email, one with a different prefix.

• Consider second factor authentication

• Different (stronger) password

Thursday, December 13, 12

FOLLOWUP: AMAZON

• Amazon updated their policy, removing the option for over-the-phone account settings changes (credit cards, emails, etc.)

Thursday, December 13, 12

FOLLOWUP: APPLE

• “We found that our own internal policies were not followed completely.” - Apple

• Apple suspends password change requests via the phone

Thursday, December 13, 12

MORE INFO

• Wired: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

• Security Now: http://twit.tv/show/security-now/364

• Wired: http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/

Thursday, December 13, 12

COMMENTS?

@mavrck

bill@billcondo.com

Thursday, December 13, 12