Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Apple and Starbucks are two of the world’s most trusted companies, but their reputations were recently tarnished thanks to some novice cybersecurity mistakes. Both setup systems that could have allowed hackers to break into customers' accounts by repeatedly trying different passwords, a procedure commonly known as a “brute force” attack. The mistake both firms made was in not employing the simple tactic of automatically locking accounts after several failed attempts to enter a password. Last week it was revealed such tactics allowed thieves to steal money from users of Starbucks' mobile app. In 2014, an investigation around the publishing of nude photos of celebrities taken from their iCloud storage accounts, identified that intruders could access Apple’s Find My iPhone app by continually trying different login details. In order to protect against this type of attack, many sites block login after a given number of incorrect attempts. The system can then go into a permanent lock-out mode (where the user must perform a lock-out procedure, such as calling the hosting company to verify their account), or lock out for a given time (known as the hold-down time).
Buchanan, W. J. (2015). Apple and Starbucks could have avoided being hacked if they'd taken this simple step
Publication Date | May 19, 2015 |
---|---|
Deposit Date | Aug 7, 2015 |
Publicly Available Date | May 15, 2017 |
Keywords | Apple; Starbucks; cybersecurity; brute force attack; password lockout; |
Public URL | http://researchrepository.napier.ac.uk/id/eprint/8778 |
Apple And Starbucks Could Have Avoided Being Hacked If They'd Taken This Simple Step
(674 Kb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by-nd/4.0/
Apple and Starbucks could have avoided being hacked if they\'d taken this simple
(406 Kb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by-nd/4.0/
Securing IoT: Mitigating Sybil Flood Attacks with Bloom Filters and Hash Chains
(2024)
Journal Article
An omnidirectional approach to touch-based continuous authentication
(2023)
Journal Article
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
Apache License Version 2.0 (http://www.apache.org/licenses/)
Apache License Version 2.0 (http://www.apache.org/licenses/)
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search