Friday, August 10, 2012

Process Security break-ins?

Very interesting. We normally focus only on device-level security. This is another example showing that human- and process-level security is equally important and should be taken equally seriously, if not more so, especially in the case of an Apple ID, which is now almost equivalent to nearly all of your digital life and even includes a credit card as a bonus.

This means that we also have to take our security codes and question/answer pairs for manual verification equally seriously. It is very clear that call center agents need more process and clarity to verify individuals. Can't Apple use Siri to add voice-based recognition? Or, even better, ask users to submit video snippets through FaceTime and, as part of security verification, automatically start FaceTime on the iPhone/iPad, record the user's visuals and match them against the reference FaceTime video. Extending this further, add a simple FaceTime contact and use it for all customer service options.

No security is complete, and if someone wants to, they can find a way to circumvent the process and gain access to your data or your digital life. It is just a matter of how important you are to them, or how lucky or unlucky you are.



Apple tightens security in wake of user’s hack


Journalist’s data was stolen, all his accounts lost

By Jeremy C. Owens


 


Apple will alter its system for allowing users to change the password to their account after a hacker managed to gain access to a journalist’s Apple account and wreak havoc on his digital life.

The Cupertino tech giant announced the change Wednesday, five days after well-known tech journalist Mat Honan posted a blog explaining that a hacker had gained access to his AppleID using the final four numbers of his credit card account, which he had gleaned from Amazon. An Apple spokeswoman said the company would temporarily block password changes through over-the-phone customer support, and strengthen the system when it comes back online.

The hacker managed to remotely erase all of Honan’s content from his iPad, iPhone and MacBook, as well as gain access to Honan’s Gmail account, his Twitter account and the account of his former employer, Gizmodo. “In the space of one hour, my entire digital life was destroyed,” Honan said in a follow-up report for his current employer, Wired. The hacker was able to use a partial credit card number visible through Amazon to persuade Apple customer support to change the password on Honan’s AppleID account to one only the hacker — pretending to be Honan on the phone — knew.

“What happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s,” Honan wrote in the Wired piece, adding, “The very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.”

Apple spokeswoman Natalie Kerris said Wednesday that the company has “temporarily suspended the ability to reset AppleID passwords over the phone.” “We’re asking customers who need to reset their password to continue to use our online iForgot system,” Kerris added. “When we resume over-the-phone password resets, customers will be required to provide even stronger identity verification to reset their password.”

Contact Jeremy C. Owens at 408-920-5876; follow him at Twitter.com/mercbizbreak.
