Apple users are the target of a new attack aimed at taking over all of their devices.
The attackers may be exploiting a flaw in Apple’s password reset mechanism, but nothing can be said for sure at this point. The attacker apparently sends the user a constant stream of password reset requests in the expectation that the user will sooner or later tap [Allow], intentionally or accidentally.
If that doesn’t work, the attacker calls the victim from a spoofed number that looks like an Apple number. The caller then tells the victim that their account has been attacked and that Apple wants them to “verify” a one-time code.
If Patel had entered the one-time password, he may have lost access to his account and data.


Another user named Chris had a similar experience in February. He received 30 notifications at the same time and rejected them all, but the attack attempts continued for several days afterward. Chris then received a call from an attacker claiming to be from Apple, but Chris said he would call back. He then dialed Apple’s phone number and was told no one was calling him.
In the wake of this episode, Chris reset all his passwords and got a new iPhone, but while he was at the Apple Genius Bar, more alerts appeared on his new iPhone. That’s when it occurred to him that the attacker was probably using an Apple user’s phone number to launch the attack.
“I said I would call back and hung up. When I called back to the real Apple, they couldn’t say if anyone was on the support call with me at the time. Apple made it clear that they never initiate an outbound call to the customer unless the customer requests contact.” – Chris
The final incident mentioned in the report came from Ken. He said he started seeing these suspicious alerts on his Apple gadgets earlier this year and that an Apple engineer pointed him to an Apple recovery key to stop the notifications.
This optional security feature is designed to improve the security of your Apple ID account. When enabled, the standard account recovery process is disabled. However, if you lose your key, you are permanently locked out of all your devices.
Ken has enabled the recovery key, but he still receives unsolicited system alerts on all his Apple devices every few days.
It’s puzzling that Apple’s authentication system allows anyone to instantly send numerous password change requests to a device, especially if the first request goes unanswered. There may be a bug in Apple’s systems, but the company has not said anything about the attack so far.