• phony password reset issue

    From *Hemidactylus*@21:1/5 to All on Thu Mar 28 16:12:34 2024
    https://www.theregister.com/AMP/2024/03/27/apple_passcode_attack/

    “Apple device owners, consider yourselves warned: a targeted multi-factor authentication bombing campaign is under way, with the goal of exhausting iUsers into allowing an unwanted password reset.”

    https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

    “Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.”

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alan Browne@21:1/5 to All on Thu Mar 28 18:39:12 2024
    On 2024-03-28 12:12, *Hemidactylus* wrote:
    https://www.theregister.com/AMP/2024/03/27/apple_passcode_attack/

    “Apple device owners, consider yourselves warned: a targeted multi-factor authentication bombing campaign is under way, with the goal of exhausting iUsers into allowing an unwanted password reset.”

    https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

    “Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.”

    That's an interesting attack profile. Hopefully Apple come up with some
    way to dilute it to non-effect.

    --
    “Patriotism is when love of your own people comes first;
    nationalism, when hate for people other than your own comes first.”
    - Charles de Gaulle.
