2024-03-27 18:26:00
![[단독]National Intelligence Service, replacing more than 100 executives… personnel changes around August and September](https://i3.wp.com/dimg.donga.com/wps/NEWS/IMAGE/2024/07/17/125980715.2.jpg?w=220&resize=220,150&ssl=1 "[단독]National Intelligence Service, replacing more than 100 executives… personnel changes around August and September")
iPhone users are reporting a new wave of attacks on devices: in the new method, hackers are exploiting a weakness in Apple’s password reset system to steal device passwords and penetrate the private information of iPhone users.
The phishing attack is carried out by sending a remote request to reset the device’s password, but serially. The owner of the device receives a huge number of messages asking him if he is the one who requested the password reset and blocking his ability to use the device until he replies to all of them. The senders of the messages hope that when scrolling through all the messages the user’s finger will slip and he will accidentally confirm the reset.
According to reports from people who experienced the attack, after rejecting all the messages, he was called by an impostor who presented himself as an Apple representative. The same caller claimed that an attempt was being made to hack into the device and asked him to read him the code that appears on the iPhone screen and allows remote access to the data.
The attackers made a led high effort focused attack on me, using OSINT data from People Data Labs and caller ID spoofing.
First, around 6:36pm yesterday all of my Apple devices started blowing up with Reset Password notifications.
Because these are Apple system level alerts,… pic.twitter.com/vX1AZvoVoN
— Parth (@parth220_) March 23, 2024
The new attack, which users call the “Push attack”, can attack not only iPhones but also other Apple devices such as iPads and Mac computers. “I had to close 100 push messages to get back to using my device,” reported a user on the X network. “The messages also appeared on my phone, watch and laptop.”
In order for the hackers to carry out the breach, they also need the username of the user’s iCloud account and their phone number – details they obtain from large online databases that collect data about users. The combination with the ability to call the user and pretend to be a representative of Apple at this stage limits the intent of the attack to the US only.
Apple has not yet commented on the cases, but experts claim that the bug used for hacking is one that is relatively easy to treat. According to them, this is an attack that is not technologically sophisticated and focuses more on Apple’s lack of attention in building its password reset system.
Did you find a language mistake?
#method #hack #iPhones #push #attack #prevents #of..
