One more thing
Gary Marshall gets serious about security
A few weeks ago, Australian iCloud users woke up to a nasty surprise. Someone had taken over their iCloud accounts, locked them out of their iOS devices and demanded a ransom to unlock them again. The attack turned out to be pretty unsophisticated. Despite initial speculation that the recent eBay password leak was somehow involved, the scam was reportedly a simple phishing scam of the ‘Hello I ams Apple wot is yr passwrd’ variety – but it was enough to turn Apple’s anti-theft measures against the devices’ rightful owners.
If you think that’s bad, imagine being hacked out of your own house.
At WWDC, Apple announced HomeKit, a new framework that puts your iPhone, iPad or iPod touch at the heart of your connected home. In the future you may have smart locks, a smart thermostat, a smart security system or maybe even a smart fridge, and instead of a collection of disparate apps that don’t talk to each other, you’ll be able to create device groups and control the lot with swipes or Siri.
The problem with automation is it exposes devices to potential hacks. In the US, early adopters of connected home technology have found their systems misbehaving thanks to mischievous pranksters. In Japan, the Satis smart toilet turned out to be vulnerable to a security flaw that could enable passers-by to control its water jets and air-drying system.
The thought of a hacked toilet is funny, but the prospect of a hacked home is considerably more serious. The more we connect to our iCloud accounts and the more useful tech such as HomeKit and CarPlay we use, the more important digital security becomes.
It’s clear that many of us don’t take security seriously enough. The hacked iCloud users could have prevented disaster by using strong passwords, enabling two-factor authentication and assuming any officiallooking incoming email was a scam; if their devices were protected with PIN codes or Touch ID, the extortion attempt wouldn’t have worked in the first place. But PIN codes are still seen by many as an unnecessary annoyance, and password reuse is rife – so if someone can con you with a phishing email or phone call, or hack something simple like an online forum, they can use the same password to get into your Amazon or Apple account and do serious damage.
That would be bad enough if passwords were strong, but most people’s aren’t. In 2013, the UK’s favourite password was ‘123456’.