Hello and welcome to our weekly travel media and technology bulletin featuring the latest developments on media and technology around the world, published every Tuesday at 06:00 BST.
A Cautionary Tale
A few years ago the digital life of a prominent technology journalist was turned upside down.
The journalist was targeted by a hacker who managed to secure access to his Apple account and remote wipe all of his Apple devices. It took days to recover access to his account and restore his devices.
The security flaw that enabled the attack was not at Apple, but at Amazon. The hacker was able to call Amazon to place a fake credit card number on the target’s account. That was subsequently used to access his Amazon account online to obtain sufficient personal information to target his Apple account.
Amazon quickly fixed the security flaw, but it’s an illustration of how a hacker can exploit one security weakness to send a row of dominoes falling.
In recent years, most major online accounts have two factor authentication (“2FA”) which sends a passcode to your mobile device each time you log in from a new device. It is an extra layer of security, but it is far from infallible.
This is partly because it may encourage complacency such as using the same password across multiple accounts. Most forms of 2FA are a SMS test message and hackers may be able to intercept these. This is what happened to Sean Coonce who lost $100,000 in crypto-currency after being subject to a “SIM port attack” whereby a hacker managed to port his SIM to a new phone. Replete with diagrams Sean illustrates how the hacker secured access to his account, and also his perception of what he thought was happening.
Leaving to one side the merits of investing in crypto-currencies in the first place, it’s also a salutary lesson that vulnerability to security flaws can be exacerbated by perceptions when security is not front of mind.
Back to 2FA, a much stronger form of 2FA is to use a physical Yubikey.
On a related note, the city of Baltimore has been battling with a cyberattack enabled by a tool, not developed in China or Russia, but the US National Security Agency which fell into the wrong hands. (New York Times)
Our weekly Travel Media & Technology Bulletin is published every Tuesday morning at 06:00 BST. If you have any comments or suggestions, please e-mail us at mail [at] londonairtravel.com