Exploit Allows Users to Continue to Compromise Apple Users' Passwords
March 22, 2013 3:32 PM
comment(s) - last by
All that's needed to reset a password is a user's AppleID, date of birth, and email
Apple, Inc. (
), a company
infamous for weak security
brazen arrogance regarding its safety
, has been in the spotlight for the wrong reasons of late. Its policies last year allowed
a huge hack
on Gizmodo blogger and prize-winning journalist Mat Honan, whose Apple accounts were compromised via lax password recovery features.
The hack caused Apple to embark on
a series of security changes
, which made it harder for remote users to retrieve a password that possibly wasn't theirs. The latest step was to install two-step verification, a new process that sends a code to your device.
Apple began rolling out the new two-step authentication (
users' Apple IDs
this week. Users can
Apple's 2-step ID verification.
But unfortunately Apple's own "
" tool remains online, which allows you to reset a user's password that hasn't upgraded to enable two-step validation. All that is needed is a user's Apple ID, email, and date of birth (the Apple ID arguably being the hardest to obtain, but potentially gained through phishing or other methods).
If you have a list of a person's past addresses (freely available via a variety of private investigator databases), you can get a user's Apple ID via a secondary recovery form on the page.
Use the first and last name, plus past addresses to recover the AppleId.
Use the email, recovered AppleID, and birth date to reset the password.
[Image Source: 9 to 5 Mac]
The exploit was
9 to 5 Mac
with the above description of the exploit, pointing curious folks on where to go to try it out.
In an update
reveals more bad news. The site's Chris Welch writes:
Yesterday a number of users were told they'd need to wait three days before enabling two-step verification. As a result, these accounts are fully vulnerable to the exploit. As of right now, the only surefire way these individuals can avoid the security threat is by change their birthdate on Apple's account settings page.
Changing your birthdate to a fake date would stymie users who snagged your birthdate from various public databases or social media sites like Facebook, Inc. (
9 to 5 Mac
This article is over a month old, voting and posting comments is disabled
This place is a joke.
3/23/2013 9:04:04 PM
I've been here for about a month and that's about all I care to see. This place is an absolute joke. It seems 9 out of 10 people here sit around waiting on an article relating to Apple just so they have a forum to berate them, the products they make, and sadly even the people who own them. In just a few weeks I've seen Apptard, Apphole, Macolyte, Apphead... I swear it's like I'm back in 5th grade. I look for decent comments after an article and all I see are a bunch of infantile rejects. Just in the last week I've seen the same person post 10 times all anti-Apple... What's the point? Do you feel better about your phone, or yourself? Do you just have that much time on your hands. It's a phone. Nothing more, nothing less. Anyway, enough is enough, last article for me, I'm out. Enjoy your future Apple hating and good luck with you lives, losers.
RE: This place is a joke.
3/23/2013 9:08:07 PM
And the Apple people do it as well. Don't let the door hit you on the way out loser!
RE: This place is a joke.
3/23/2013 10:14:23 PM
If you say that iOS has great hardware and apps, "bias". If you say that WP has a great UI, "lol WP".
The Android defense brigade here is loud and strong. I was on Android for years until I sold my Nexus 4, and I have no problem saying that it still has a lot of problems. I don't know if they have an inferiority complex or battered housewife syndrome. It is obnoxious for sure.
RE: This place is a joke.
3/24/2013 3:57:18 PM
Apple's of the biggest companies in the world, why should they be except from criticism? Much of it is 100% deserved anyway.
Android fans are becoming increasingly annoying though. I do think it's pretty odd how people get so protective of the OS their phone happens to be using.
"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." -- Bill Gates
Apple, Amazon Change Security Policies After Hack Attack on Journalist
August 8, 2012, 12:00 PM
Apple, Amazon's Weak Security Allows Huge Hack of Gizmodo Reporter
August 7, 2012, 12:28 PM
Apple to Update iTunes with iCloud Integration, Music Sharing
June 28, 2012, 5:07 PM
Kaspersky Labs: Apple's Security 10 Years Behind Microsoft
April 26, 2012, 7:39 AM
Mac Gets The Girl In New Anti-Microsoft Ad
May 13, 2009, 9:33 AM
New Photos Show “Assembled” iPhone 6, Protruding Camera Ring
August 20, 2014, 2:32 PM
ZTE Nubia 5S mini LTE 4.7" Smartphone Headed to U.S. for $280 Unlocked
August 20, 2014, 10:37 AM
AT&T Will Also Receive the HTC One (M8) for Windows
August 19, 2014, 9:27 PM
Sharp's "Edge-to-Edge" AQUOS Crystal Smartphone Coming to Sprint for $239 Off-Contract
August 19, 2014, 7:31 PM
After 34 Years With Microsoft, Steve Ballmer Parts Way to Focus on LA Clippers
August 19, 2014, 4:17 PM
HTC One (M8) for Windows Officially Announced for Verizon Wireless
August 19, 2014, 12:15 PM
Most Popular Articles
Lumia 830 Gets Major Upgrades Including New 20.1 Megapixel Toshiba Sensor
August 15, 2014, 6:00 PM
Windows Phone, BlackBerry Smartphone Market Share Falls to 2.5%, 0.5% Respectively
August 15, 2014, 9:44 AM
GM Concedes That the Cadillac ELR Doesn’t Really Compete with the Tesla Model S
August 15, 2014, 5:42 PM
Cell Phone Thief Calls 911 After Her Victim Chases Her and Her Male Cohort
August 14, 2014, 12:11 PM
Smarter Wired, Wireless Chargers Set to Shake Up Mobile Industry
August 14, 2014, 6:39 PM
Latest Blog Posts
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information