2. WHO IS MAT HONAN?
Senior Writer at Wired
honan.net
@mat
Thursday, December 13, 12
3. WHAT HAPPENED?
• Amazon.com Account Compromised
• Apple / iTunes Account Compromised
• Gmail Hacked
• Mac Wiped
• iPhone Wiped
• Twitter Account Stolen
4. TIMELINE
• 4:33 p.m. Attacker calls Apple support and requests a reset without being able to answer the security questions. Reset email sent.
Data required: e-mail address (website, Gmail), credit card number (via Amazon), billing address (whois).
• 4:50 p.m. Reset email arrives at the me.com address and is sent to trash. The email is then used to set a new password.
• 4:52 p.m. Gmail password reset sent to the me.com address. Attacker resets the Gmail password; the notification email goes to me.com.
• 5:00 p.m. iCloud’s Find My tool used to wipe Mat’s iPhone.
• 5:01 p.m. iCloud’s Find My tool used to wipe Mat’s iPad.
• 5:02 p.m. Twitter password reset email sent. Attacker sets a new Twitter password.
• 5:05 p.m. iCloud’s Find My tool used to wipe Mat’s MacBook Pro.
• 5:10 p.m. Mat calls Apple Care.
• 5:12 p.m. Attacker posts to Twitter with Mat’s account.
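The reset chain in the timeline, as an added example that is not part of the original talk: a small Python model of the account-recovery dependencies that reports which accounts fall in sequence from publicly known data and where a second factor would break the chain. The rule sets are constructed approximations of the 2012 policies the slides describe, and `2fa_device` is a placeholder factor, not a real product setting.

```python
# Added example (not from the original talk): model the chained
# account-recovery attack from the timeline as a dependency graph and find
# where a second factor would break the chain. The rules below are a
# constructed approximation of the 2012 policies described in the slides.

# account -> list of alternative requirement sets; holding every item in
# any one set lets the holder reset that account.
RECOVERY_RULES = {
    "amazon":   [{"email", "billing_address"}],
    "apple_id": [{"email", "billing_address", "cc_last4"}],
    "gmail":    [{"me_com_email"}],          # Gmail's recovery address
    "twitter":  [{"gmail"}],                 # reset mail goes to Gmail
}

# account -> what controlling it yields (secrets, inboxes, capabilities)
GRANTS = {
    "amazon":   {"cc_last4"},
    "apple_id": {"me_com_email", "remote_wipe"},
    "gmail":    {"gmail"},
    "twitter":  {"twitter"},
}


def takeover_chain(public, rules=RECOVERY_RULES, grants=GRANTS):
    """Return (accounts compromised, in order; everything the attacker ends
    up holding) when starting from the publicly known items in `public`."""
    held = set(public)
    order = []
    progress = True
    while progress:                      # fixed point: stop when nothing new
        progress = False
        for acct, alternatives in rules.items():
            if acct in order:
                continue
            if any(req <= held for req in alternatives):
                order.append(acct)
                held |= grants.get(acct, set())
                progress = True
    return order, held


def second_factor_cut_points(public, target, rules=RECOVERY_RULES, grants=GRANTS):
    """Accounts where requiring an extra factor the attacker cannot obtain
    (placeholder "2fa_device") would stop `target` from being reached."""
    cuts = []
    for acct in rules:
        hardened = dict(rules)
        hardened[acct] = [req | {"2fa_device"} for req in rules[acct]]
        _, held = takeover_chain(public, hardened, grants)
        if target not in held:
            cuts.append(acct)
    return cuts
```

Running `takeover_chain({"email", "billing_address"})` reproduces the slide's order (Amazon, Apple ID, Gmail, Twitter), and `second_factor_cut_points(..., "remote_wipe")` shows that only hardening Amazon or the Apple ID would have prevented the wipes.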
5. FAILURES
• Amazon accounts can be easily compromised.
• Apple Care doesn’t enforce security questions.
6. WHAT’S REALLY NEEDED?
• Do you need remote wipe?
• Do you need to store credit cards?
• Do you need public whois info?
7. DO: BACKUP
• Consider both local snapshots and off-site backup options
• Time Machine (Mac) or Windows Backup (PC)
• Carbonite, BackBlaze, Mozy are some of the off-site options
• Test / Verify Backups
8. DO: SET UP 2ND EMAIL
• Consider a second email, one with a different prefix.
• Consider second-factor authentication
• Different (stronger) password
9. FOLLOWUP: AMAZON
• Amazon updated their policy, removing the option for over-the-phone account settings changes (credit cards, emails, etc.)
10. FOLLOWUP: APPLE
• “We found that our own internal policies were not followed completely.” - Apple
• Apple suspends password change requests via the phone
11. MORE INFO
• Wired: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
• Security Now: http://twit.tv/show/security-now/364
• Wired: http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/
12. COMMENTS?
@mavrck
bill@billcondo.com