Gizmodo no image

Published on March 23rd, 2013 | by Gizmodo

0

How Apple’s Password-Reset Security Breach Worked

Yesterday, The Verge uncovered a security breach that allowed malicious users to reset Apple ID passwords with nothing but an email and the user’s birthday . Luckily, the process didn’t leak out in full before the whole thing was patched up, but now iMore was able to reproduce the hack step by step and now it’s sharing details on how the whole thing worked

How Apple's Password-Reset Security Breach WorkedYesterday, The Verge uncovered a security breach that allowed malicious users to reset Apple ID passwords with nothing but an email and the user’s birthday. Luckily, the process didn’t leak out in full before the whole thing was patched up, but now iMore was able to reproduce the hack step by step and now it’s sharing details on how the whole thing worked.

As iMore explains:

And while these URLs are supposed to be generated only after answering security questions, they could be effectively hacked together by performing a reset on your own password, collecting the data, and tweaking it just slightly for someone elses account, thereby letting hackers skip straight from step 3 to step 5.

The security hole is all patched up now, and there’s no evidence to suggest it was ever exploited in the wild, but it’s always fascinating to see how these kind of breaches work. And if you needed just one more reason to go turn on two-step verification, this ought to be it. Let’s hope it’s a long time before something like this pops up again. You can check out iMore to learn more about the specifics. [iMore]

This Article was originally posted in Gizmodo

Tags: , , , , , , , , , , , , , ,


About the Author

Gizmodo

Gizmodo is a technology weblog about consumer electronics. It is part of the Gawker Media network run by Nick Denton and is known for its up-to-date coverage of the technology industry, along with topics as broad as design, architecture, space, and science.



Comments

Back to Top ↑

Automatically Feed Your Blog