© 2024 SDPB Radio
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

How His Life Was Hacked In The Cloud

I spent some time at the Defcon and Black Hat conferences in Las Vegas over the past few weeks listening to hackers describe the myriad security holes and flaws in some of the most popular products and applications that roam free in the online world.

While this experience made me nervous, so far at least I have fared better than writer Mat Honan.

In just one hour, he says, "my entire digital life was destroyed." First, his Google account was taken over and deleted, then his Twitter feed was used to broadcast a racist and homophobic tirade. Then his Apple ID was hacked and the attackers used it to erase all the data on his iPhone, iPad and MacBook. He lost all the photos of his one-year-old daughter.

Yikes.

Mat Honan talks to Morning Edition co-host Renee Montagne

The story, which he detailed at Wired, is interesting and disturbing because it exposes how all the complicated and infuriating security procedures at different companies can be used in concert to break into accounts. Amazon exposed the last four digits of Honan's credit card number. That was enough information to allow the hackers to trick Apple's customer service team into allowing them into Honan's account.

Honan wrote:

"Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification."

But this cautionary tale is about more than particular problems with corporate logins and how they can be leveraged. It's really about the cloud and what happens when all of your data is stored offsite in a remote server you don't own.

Apple, Google, Microsoft and Amazon are all pushing cloud services aggressively. And soon, whether you really want it or not, much of your data is likely to live in the cloud — just like Honan's did.

And if you don't believe Honan that the cloud could create havoc — how about Steve Wozniak? Woz warned an audience in Washington, D.C., this weekend.

As AFP reported:

"I really worry about everything going to the cloud," he said. "I think it's going to be horrendous. I think there are going to be a lot of horrible problems in the next five years."

He added: "With the cloud, you don't own anything. You already signed it away" through the legalistic terms of service with a cloud provider that computer users must agree to.

"I want to feel that I own things," Wozniak said. "A lot of people feel, 'Oh, everything is really on my computer,' but I say the more we transfer everything onto the web, onto the cloud, the less we're going to have control over it."

Update 9:16 p.m. ET: Amazon has reportedly updated its security procedures so it no longer will allow users to change their email address or a credit card number using only a current email, address and name. And Apple has ordered its support staff to immediately stop processing phoned requests to change AppleID passwords, Wired reported.

Copyright 2021 NPR. To see more, visit https://www.npr.org.

Steve Henn is NPR's technology correspondent based in Menlo Park, California, who is currently on assignment with Planet Money. An award winning journalist, he now covers the intersection of technology and modern life - exploring how digital innovations are changing the way we interact with people we love, the institutions we depend on and the world around us. In 2012 he came frighteningly close to crashing one of the first Tesla sedans ever made. He has taken a ride in a self-driving car, and flown a drone around Stanford's campus with a legal expert on privacy and robotics.