While the vulnerability didn't allow the researchers to make unauthorized purchases, it did grant them access to data stored on iCloud. Such access could result in a mass deletion of data stored in iCloud, much like the attack suffered by Wired journalist Matt Honan, who witnessed his entire digital life dissolve before his eyes.
While the vulnerability didn't allow the researchers to make unauthorized purchases, it did grant them access to data stored on iCloud. Such access could result in a mass deletion of data stored in iCloud, much like the attack suffered by Wired journalist Matt Honan, who witnessed his entire digital life dissolve before his eyes.The hackers used a technique called social engineering - which typically implies gaining access to sensitive information by calling tech support - to reset Honan's iCloud password and gain access to his account. From there, they reset the passwords for other online accounts, deleting data along the way. Honan contends that if he had two-factor verification, the hackers would've been limited in their efforts.Two-factor verification is a security method growing in popularity among larger tech enterprises. Such security systems are designed to prevent hackers from gaining access to data by requiring users to carry a trusted device - say, a cell phone - which can receive a specialized code to use alongside the user's typical password.As ElcomSoft notes, the problem with Apple's two-step verification is that the system does nothing to protect a user's iCloud and iOS backup data. That data just simply isn't protected by Apple's two-step program. All a hacker needs to do to access this information is an Apple ID and the account's corresponding username."This is easy to verify; simply log in to your iCloud account, and you'll have full information to everything stored there without being requested any additional logon information," ElcomSoft CEO Vladimir Katalov said in a company post.It could entirely be that Apple rushed its two-factor verification system out in response to the very public attack on Honan. That or, as Ars Technica notes, Apple could simply be taking the path of user over that of user security.That would put the company at odds with Google, another tech giant with a two-factor verification program. Google's two-step verification program is far more robust, allowing users to log into their Google accounts through a variety of applications while maintaining tightened security. To do this, Google's two-factor verification system generates application-specific passwords for users to enter in addition to their password, which makes logging in more complicated."... Apple's approach in implementing two-factor authorization does not look like a finished product," Katalov said. "It's just not as secure as one would expect this solution to be."
journalist Matt Honan recently carried out an in which he liked everything he saw on Facebook over a period of 48 hours. As we know, Facebook algorithms tailor what you see according to your activity. Honan reported that his newsfeed “took on an entirely new character in a surprisingly short amount of time”.