Late yesterday both Amazon and Apple implemented emergency actions to close off the loopholes that led to Mat Honan’s scandalously easy hacking. Wired reports that Amazon’s customer privacy policies were changed, closing the gaps that had been exploited in the Honan case:
Previously, Amazon allowed people to call in and change the email address associated with an Amazon account or add a credit card number to an Amazon account as long as the caller could identify him or herself by name, email address and mailing address — three bits of personal information that are easily found online.
At the same time Apple, tacitly acknowledging the problem, imposed a 24-hour freeze on over-the-phone iCloud password changes, as reported in The Verge. According to the report, this breathing space is being used to buy more time to decide just what can be done to improve security.
It’s a start. But Honan’s case illustrates the vulnerabilities we all face as more and more of our life is recorded on the internet. One example is the almost universal reliance on those last four digits of a credit card as some form of identity.
Yesterday I bought some groceries. Clearly printed on the receipt was the type of card, the last four numbers, the issue date and the expiry date. These are all items used for identification purposes when making purchases on the internet. Put them all together, add in a bit of sleuthing (many of these receipts end up in household waste in front of the relevant address, alongside correspondence bearing the full name and address) and we have the potential for disaster.