Some Apple users are reportedly being targeted by a sophisticated attack, requesting them to hand over their Apple ID credentials over and over again.
According to KrebsOnSecurity, the attack starts with unsuspecting Apple device owners getting dozens of system-level messages, prompting them to reset their Apple ID password. If that fails, a person pretending to be an Apple employee will call the victim and try to convince them to hand over their password.
This is exactly what happened to entrepreneur Parth Patel, who described their experience on Twitter/X. First, all of Patel's Apple devices, including their iPhone, Watch, and MacBook, started displaying the "Reset Password" notifications. After Patel clicked "Don't Allow" to more than one hundred requests, the fake Apple Support called, spoofing the caller ID of Apple's official Apple Support line. The fake Apple employee actually knew a lot of Patel's real data, including email, address, and phone number, but they got their name wrong, which confirmed Patel's suspicions that they were under attack.
While the attack was ultimately unsuccessful in this example, it's easy to imagine it working. The victim might accidentally allow the password reset (mistakes are easy to make when you have to click on something hundreds of times), or they could fall for the fairly convincing, fake Apple Support call.
Patel's example isn't isolated, either; KrebsOnSecurity has details on a very similar attack that happened to a crypto hedge fund owner identified by his first name, Chris, as well as a security researcher identified as Ken. In Chris' example, the attack persisted for several days, and also ended with a fake Apple Support call.
How did the attackers know all the data needed to perform the attack, and how did they manage to send system-level alerts to the victims' phones? According to KrebsOnSecurity, the hackers likely had to get hold of the email address and phone number associated with the victim's Apple ID. Then they used an Apple ID password reset form, which requires an email or phone number alongside a CAPTCHA, to send the system-level password reset prompts. They also likely used a website called PeopleDataLabs to get information on both the victim and the Apple employees they impersonated.
But there could also be a bug in Apple's systems, which should in theory be designed not to allow someone to abuse the password reset form and send dozens of requests in a short period of time (Apple did not respond to KrebsOnSecurity's request for comment).
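To make the rate-limiting point concrete, here is an added sketch (not Apple's code and not from the original article) of a sliding-window cap on reset prompts, keyed on the account being reset rather than on the requester. The class name, the limit of three prompts per hour, and the sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class ResetPromptLimiter:
    """Sliding-window cap on reset prompts delivered per target account.

    Keyed on the account being reset, not the requester's address: the
    requester can change where requests come from, but not whose devices
    end up receiving the prompts.
    """

    def __init__(self, max_prompts=3, window_s=3600):  # assumed policy values
        self.max_prompts = max_prompts
        self.window_s = window_s
        self._sent = defaultdict(deque)  # account -> times of delivered prompts

    def allow(self, account, now):
        sent = self._sent[account]
        # Forget prompts that have aged out of the window.
        while sent and now - sent[0] >= self.window_s:
            sent.popleft()
        if len(sent) >= self.max_prompts:
            return False  # suppress: the device owner sees nothing new
        sent.append(now)
        return True


def replay(events, limiter):
    """Run (timestamp, account) events through the limiter and count outcomes."""
    delivered, suppressed = defaultdict(int), defaultdict(int)
    for ts, account in sorted(events):
        bucket = delivered if limiter.allow(account, ts) else suppressed
        bucket[account] += 1
    return dict(delivered), dict(suppressed)


# Constructed sample: 100 reset requests against one account, 5 seconds apart,
# plus a single ordinary request for an unrelated account.
SAMPLE_EVENTS = [(i * 5, "victim@example.com") for i in range(100)]
SAMPLE_EVENTS.append((250, "other@example.com"))

if __name__ == "__main__":
    delivered, suppressed = replay(SAMPLE_EVENTS, ResetPromptLimiter())
    print("delivered:", delivered)
    print("suppressed:", suppressed)
```

With these assumed limits, the targeted account would see three prompts instead of one hundred, while the unrelated account's single request goes through untouched.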
It appears that there's no easy or foolproof way to protect oneself from such an attack at this time, short of changing one's Apple ID credentials and tying them to a new number and email. It's hard to tell how widespread this attack is, but Apple users should be vigilant and triple-check the authenticity of any password reset request, even if it appears to come from Apple itself.
For more on spammers and scammers, check out Mashable's series Scammed, where we help you navigate a connected world that’s out for your money, your information, or just your attention.