Print 43 comment(s) - last by MaulBall789.. on Mar 29 at 9:56 AM

All that's needed to reset a password is a user's AppleID, date of birth, and email

Apple, Inc. (AAPL), a company infamous for weak security and brazen arrogance regarding its safety, has been in the spotlight for the wrong reasons of late.  Its policies last year allowed a huge hack on Gizmodo blogger and prize-winning journalist Mat Honan, whose Apple accounts were compromised via lax password recovery features.  

The hack caused Apple to embark on a series of security changes, which made it harder for remote users to retrieve a password that possibly wasn't theirs.  The latest step was to install two-step verification, a new process that sends a code to your device.

Apple began rolling out the new two-step authentication (FAQ) for users' Apple IDs this week.  Users can go here to apply.

Apple two step
Apple's 2-step ID verification.

But unfortunately Apple's own "iForgot" tool remains online, which allows you to reset a user's password that hasn't upgraded to enable two-step validation.  All that is needed is a user's Apple ID, email, and date of birth (the Apple ID arguably being the hardest to obtain, but potentially gained through phishing or other methods).  

If you have a list of a person's past addresses (freely available via a variety of private investigator databases), you can get a user's Apple ID via a secondary recovery form on the page.

Step 1: Use the first and last name, plus past addresses to recover the AppleId.

Step 2: Use the email, recovered AppleID, and birth date to reset the password.
[Image Source: 9 to 5 Mac]

The exploit was first reported/validated on by The Verge.  9 to 5 Mac went live with the above description of the exploit, pointing curious folks on where to go to try it out.

In an update The Verge reveals more bad news.  The site's Chris Welch writes:

Yesterday a number of users were told they'd need to wait three days before enabling two-step verification. As a result, these accounts are fully vulnerable to the exploit. As of right now, the only surefire way these individuals can avoid the security threat is by change their birthdate on Apple's account settings page.

Changing your birthdate to a fake date would stymie users who snagged your birthdate from various public databases or social media sites like Facebook, Inc. (FB).

Sources: Apple, 9 to 5 Mac, The Verge

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: we go again
By Reclaimer77 on 3/22/2013 7:58:38 PM , Rating: 1
I love it when someone bashes Fox. It allows me to instantly dismiss them as a Liberal, and therefor an idiot, without ever having to find out through a lengthy and frustrating discussion.

Especially those who mimic the populist "Faux" misnomer. Right off the bat tells you he's not only a Liberal moron, but a poser lacking critical thinking. How many of these people actually viewed Fox themselves and formed their own opinion? Very few. Which makes them weak minded.

RE: we go again
By superflex on 3/23/2013 10:44:38 AM , Rating: 2
The bashers of Fox News missed the Pew Research study which found MSNBC was 85% opinion and 15% actual news compared to Fox's 55% opinion and 45% news.
Oh, the horror.

RE: we go again
By Armageddonite on 3/23/2013 11:53:46 AM , Rating: 5
Someone else doing wrong does not redeem one's own misdeeds...a lesson that many devotees of conservative media ignore. Even if someone else is more wrong than you, that doesn't make you right.

That said, I totally ignore Fox News and MSNBC to an equal degree, also the Huffington Post and the Drudge Report, etc. When it comes to news I try to find the most objective perspective available. I rotate between Reuters, CNN and BBC News, and I waste no time on opinion pieces. When it comes to partisan pandering, it's a waste of time...the people who believe it already agree, and the people who don't believe it just ignore it.

RE: we go again
By gmyx on 3/25/13, Rating: 0
“We do believe we have a moral responsibility to keep porn off the iPhone.” -- Steve Jobs

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Yahoo Hacked - Change Your Passwords and Security Info ASAP!
September 23, 2016, 5:45 AM
A is for Apples
September 23, 2016, 5:32 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki