Apple and Starbucks could have avoided being hacked if they'd taken this simple step

Buchanan, William J

Authors

Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor

Abstract

Apple and Starbucks are two of the world’s most trusted companies, but their reputations were recently tarnished thanks to some novice cybersecurity mistakes. Both setup systems that could have allowed hackers to break into customers' accounts by repeatedly trying different passwords, a procedure commonly known as a “brute force” attack. The mistake both firms made was in not employing the simple tactic of automatically locking accounts after several failed attempts to enter a password. Last week it was revealed such tactics allowed thieves to steal money from users of Starbucks' mobile app. In 2014, an investigation around the publishing of nude photos of celebrities taken from their iCloud storage accounts, identified that intruders could access Apple’s Find My iPhone app by continually trying different login details. In order to protect against this type of attack, many sites block login after a given number of incorrect attempts. The system can then go into a permanent lock-out mode (where the user must perform a lock-out procedure, such as calling the hosting company to verify their account), or lock out for a given time (known as the hold-down time).

Citation

Buchanan, W. J. (2015). Apple and Starbucks could have avoided being hacked if they'd taken this simple step

Other Type	Newspaper Article
Publication Date	May 19, 2015
Deposit Date	Aug 7, 2015
Publicly Available Date	May 15, 2017
Keywords	Apple; Starbucks; cybersecurity; brute force attack; password lockout;
Public URL	http://researchrepository.napier.ac.uk/id/eprint/8778