{"id":2828,"date":"2010-07-04T23:08:58","date_gmt":"2010-07-04T22:08:58","guid":{"rendered":"http:\/\/www.itwriting.com\/blog\/2828-itunes-hacks-whose-fault-are-they.html"},"modified":"2010-07-04T23:08:58","modified_gmt":"2010-07-04T22:08:58","slug":"itunes-hacks-whose-fault-are-they","status":"publish","type":"post","link":"https:\/\/www.itwriting.com\/blog\/2828-itunes-hacks-whose-fault-are-they.html","title":{"rendered":"iTunes hacks: whose fault are they?"},"content":{"rendered":"<p>A big story today concerns irregular activity on Apple\u2019s iTunes store, the one and only means of purchasing applications for iPhone and iPad and central to the company\u2019s strategy. The <a href=\"http:\/\/thenextweb.com\/apple\/2010\/07\/04\/app-store-hacked\/\" target=\"_blank\">reports<\/a> allege that developers are hacking iTunes accounts to purchase and give favourable review to their apps \u2013 which can only be a short term strategy since you would imagine that such activity would soon be detected and the perpetrators traced through the payment system.<\/p>\n<p>As it happens I\u2019d been meaning to post about iTunes security in any case. I <a href=\"http:\/\/www.itwriting.com\/blog\/2647-itunes-user-has-account-hacked-loses-access-to-his-own-purchases.htm\" target=\"_blank\">blogged about an incident<\/a> just over a month ago, since when there have been a steady stream of comments from other users who say that their iTunes accounts were hacked and fraudulent purchases made. <\/p>\n<p>A recent comment refers to <a href=\"http:\/\/garysaid.com\/is-my-apple-itunes-account-hacked\" target=\"_blank\">this thread<\/a>, started over a year ago and now with over 200 comments from similarly afflicted users.<\/p>\n<p>Despite the number of reported incidents, there is no reason to suppose that Apple\u2019s servers have been broken into. Several other mechanisms are more likely, including malware-infected computers on which users may have stored passwords, or have keystrokes logged; or successful attempts to guess passwords or the answer to so-called \u201csecurity questions\u201d which also give access to account details.<\/p>\n<p>Such questions should be called insecurity questions, since they are really designed to reduce the burden on helpdesks from users who have lost passwords or access to obsolete email accounts. Since they allow access to accounts without knowing the password, they reduce security, and even more so when the questions are for semi-public information like mother\u2019s maiden name, which is commonly used.<\/p>\n<p>Given the number of iTunes accounts, it is not surprising that there are numerous successful hacks, whether or not there is some issue (other than the insecurity questions) with iTunes or Apple\u2019s servers. <\/p>\n<p>That said, there is a consistent theme running through all these threads, which is that Apple\u2019s customer service towards victims of hacking seems poor. Contact is email-only, users are simply referred to their banks, Apple promises further contact within 24 hours that is often not forthcoming, and there are reports of users losing access to credit or previous purchases. It was an instance of the latter which prompted my earlier post.<\/p>\n<p>Apple therefore should fix its customer service, even if its servers are watertight. I\u2019d like to see it lose the insecurity questions too.<\/p>\n<p><a href=\"http:\/\/www.itwriting.com\/blog\/wp-content\/uploads\/2010\/07\/image.png\"><img loading=\"lazy\" decoding=\"async\" style=\"border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px\" title=\"image\" border=\"0\" alt=\"image\" src=\"http:\/\/www.itwriting.com\/blog\/wp-content\/uploads\/2010\/07\/image_thumb.png\" width=\"404\" height=\"227\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A big story today concerns irregular activity on Apple\u2019s iTunes store, the one and only means of purchasing applications for iPhone and iPad and central to the company\u2019s strategy. The reports allege that developers are hacking iTunes accounts to purchase and give favourable review to their apps \u2013 which can only be a short term &hellip; <a href=\"https:\/\/www.itwriting.com\/blog\/2828-itunes-hacks-whose-fault-are-they.html\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">iTunes hacks: whose fault are they?<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,47,48],"tags":[158,501,510,810],"class_list":["post-2828","post","type-post","status-publish","format-standard","hentry","category-apple","category-iphone","category-itunes","tag-apple","tag-iphone","tag-itunes","tag-security"],"_links":{"self":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/2828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/comments?post=2828"}],"version-history":[{"count":0,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/2828\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/media?parent=2828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/categories?post=2828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/tags?post=2828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}