Kirra, Coolangatta and Tweed Heads

Belinda McGehan
Thursday 23 October 2014

May I Hack your iCloud, Please?

Or How Not to Stay Safe Online

Many of us will have heard about the recent celebrity nude pic scandal involving a hacked “iCould account”. It got me thinking, “How did this happen?” and, more worryingly, “Could it happen to me, or my friends?”
So, I called my friend and asked, “May I hack your iCloud account, pretty please?”  Not your normal question, I grant you, but not so unusual amongst my tech-obsessed group of friends.  After gaining her permission, off I went. I was keen to discover just how easy, or difficult, the task might be.
First off, I knew she had a few email addresses so I had to narrow it down. I went straight to Google and typed in “find Apple ID.” All I needed to know was her first name, her last name and her current email address. I typed in her various email addresses until I got the response “valid Apple ID”. Bingo!
To reset her password, I could choose the “send email” option, or answer the authentication questions. As I did not have access to her phone or computer (and did not know her email password) I decided to try my luck with the authentication questions.
I looked at the list of questions iCloud poses as security questions. There are 5 to 8 standard questions presented as authentication questions, for example, “What the first movie you saw?”, “Who was your best friend as a teenager?”, “What was your first car?” etc.
Now that I had the questions, what I needed was her answers. What I did next was quite easy; I digitally stalked her. Yep, I went all over her Facebook, Instagram, Tumblr, Linkedin, Google+, Wordpress, Swarm – all of her social media accounts to check the digital footprint she had left behind. Even though I wasn’t her “friend”, her accounts were set to “public” so I had easy access.
One of the big misconceptions about online privacy is that there is no way a person can figure out your age, where you were born, or where you lived if you haven’t disclosed this information yourself.  Big mistake. Big, big mistake! I found friends of hers on Facebook who had written “Happy 20th Birthday” five years ago, so I figured that makes her 25.  She had only posted her day and month of birth on Facebook, but now I had her year of birth as well.
Another post, “OMG, we lived on the same street 20 years ago. Do you remember so and so?”  Her response was “OMG, yes, I lived there until I was 12 and she is still my bestie!”  What about where her parents first met?  Well, as she’s a Gold Coaster, I thought New Zealand might be good a bet to try as her answer. Success!  My second choice would have been the place where she was born as that’s often likely to be place where parents meet.
So, now I have her age, street, best friend, where her parents met and several other relevant details from her social media footprint.  Easy!  Let’s go hack that account. 
In her next column for the Kirra Post, our new technology writer (and expert on all things "Apple") Belinda McGehan, reveals the steps we can take to upgrade the security on our iCloud account and, more generally, help protect our online privacy.