A group of researchers from security firm SensePost just revealed a hack of Apple’s MobileMe service. Rather than demonstrating a weakness in the service, the feat is a model of the sheer doggedness on the part of some hackers.
The three researchers–Haroon Meer, Nick Arvanitis and Marco Slaviero–wanted to find a way to break into the service and attack other users. Here are the steps that they took:
1. Find a person with a MobileMe account who is not careful with their data
The researchers identified a person with a MobileMe account that gave a secondary e-mail for their password reset. By guessing or knowing the person’s me.com e-mail address and finding the person’s data of birth, they could have a password reset e-mail sent to another e-mail address.
2. Intercept the e-mail
The researchers figured out that the e-mail was going to be sent to a Hotmail account. When they checked that account, they found that it has been suspended because of lack of use. They re-registered the account and gained access to the MobileMe password reset message.
3. Reconfigure MobileMe
4. Full access
The researchers then had access to the other person’s account.
This new data poisoning tool lets artists fight back against generative AI
The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models.
Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist
An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.
The Biggest Questions: What is death?
New neuroscience is challenging our understanding of the dying process—bringing opportunities for the living.
Driving companywide efficiencies with AI
Advanced AI and ML capabilities revolutionize how administrative and operations tasks are done.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.