Skip to Content
Uncategorized

Going All In on MobileMe

An attack on the service shows how convoluted some hacks can become.
July 31, 2009

A group of researchers from security firm SensePost just revealed a hack of Apple’s MobileMe service. Rather than demonstrating a weakness in the service, the feat is a model of the sheer doggedness on the part of some hackers.

The three researchers–Haroon Meer, Nick Arvanitis and Marco Slaviero–wanted to find a way to break into the service and attack other users. Here are the steps that they took:

1. Find a person with a MobileMe account who is not careful with their data

The researchers identified a person with a MobileMe account that gave a secondary e-mail for their password reset. By guessing or knowing the person’s me.com e-mail address and finding the person’s data of birth, they could have a password reset e-mail sent to another e-mail address.

2. Intercept the e-mail

The researchers figured out that the e-mail was going to be sent to a Hotmail account. When they checked that account, they found that it has been suspended because of lack of use. They re-registered the account and gained access to the MobileMe password reset message.

3. Reconfigure MobileMe

Using the reset link, they gained access to the victim’s MobileMe account. They then reconfigured it, adding their own iPhone to the account before returning the log-in credentials to the original password. Finally, they change the name of their iPhone to a JavaScript command, so that it executes every time the victim logs into MobileMe.

4. Full access

The researchers then had access to the other person’s account.

Like Sarah Palin, users that use simple password recovery clues or allow too much information to be displayed in their online profiles could be vulnerable to attack. But the MobileMe specific issues–such as the ability to send Javascript code as a Phone name- have now been fixed, according to the researchers.

Deep Dive

Uncategorized

Our best illustrations of 2022

Our artists’ thought-provoking, playful creations bring our stories to life, often saying more with an image than words ever could.

How CRISPR is making farmed animals bigger, stronger, and healthier

These gene-edited fish, pigs, and other animals could soon be on the menu.

The Download: the Saudi sci-fi megacity, and sleeping babies’ brains

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. These exclusive satellite images show Saudi Arabia’s sci-fi megacity is well underway In early 2021, Crown Prince Mohammed bin Salman of Saudi Arabia announced The Line: a “civilizational revolution” that would house up…

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.