How a Passcode Thief Can Lock You Out of Your iCloud Account, Possibly Permanently

Tech reporters Nicole Nguyen and Joanna Stern of the Wall Street Journal are back with a follow-up on their exposé of Apple’s problematic iPhone security design decisions. In the first article, they showed how a shoulder-surfing thief could discover a user’s passcode, steal their iPhone, and change their Apple ID password to disable Find My before making purchases with Apple Pay, accessing passwords in iCloud Keychain, and scanning through Photos for pictures to aid in identity theft (see “How a Thief with Your iPhone Passcode Can Ruin Your Digital Life,” 26 February 2023).

In another article (paywalled) and accompanying video, Nguyen and Stern now explore the ramifications of what happens when a passcode thief changes the user’s Apple ID recovery key, which is again doable with nothing more than the iPhone passcode. In short, the thief can lock the victim out of their iCloud account, possibly permanently, preventing access to precious photos and more. Apple has responded sympathetically but hasn’t helped, or been able to help, users get back into their accounts.

The problem is that once the thief sets or resets a recovery key, it becomes the only way to regain access to an Apple ID account once the password has been lost; Apple says it can no longer help through its usual account recovery process. Apple is clear about how creating a recovery key puts additional responsibility on the user, but that’s an acceptable trade-off for a technically savvy, organized user. What’s not acceptable is allowing a thief with nothing more than a stolen iPhone’s passcode to set or reset a recovery key. That creates a situation where a user becomes vulnerable to their account being locked even if they had no intention of setting a recovery key or were already managing it securely.