A woman said that soon after her iPhone was stolen, she was locked out of
her Apple account.

Reyhan Ayas said Apple was "not helpful at all" after $10,000 was taken
from her bank account.

She told Insider: "Once someone gets into that security environment, it
turns against you."

Because she had lost access to her Apple account, she was unable to log on
to her MacBook computer. She contacted Apple support, which advised her to
get a new SIM card and a new iPhone. She did so, but was still unable to
access her account.

Over the next 24 hours, $10,000 was taken from Ayas' bank account,
according to a bank statement viewed by Insider. She was advised to open a
new account and transfer all her funds to it.

While visiting an Apple Store in search of support, Ayas said she received
an email from Credit Karma showing an application for an Apple credit card. Another email showed the application had been approved while she was on
hold with Apple-card support.

The support team "was not helpful at all," Ayas said. She then called
Goldman Sachs, which issues Apple's credit cards, and was able to get some help.

Ayas said she was very frustrated at Apple continually asking: "Have you
tried 'Find My iPhone?'"

"Of course, I tried it like minute three, I tried it. Like, this is a joke
to you. My entire life is a shamble, yet you're still asking if I tried
it," she told Insider.

During her most recent conversation with an Apple representative, the representative told Ayas that there was no way to regain access to her
iCloud account.

Alex Argiro, who was an NYPD detective before retiring in 2022, told The Journal that there had been hundreds of similar crimes committed in New
York in the past two years: "Once you get into the phone, it's like a
treasure box."

There have been reports of similar crimes in Austin, Texas; Denver, Boston
and London.


https://finance.yahoo.com/news/woman-got-locked-her-apple-163000848.html

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <ttgncg$31kbt$1@dont-email.me>, badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

A woman said that soon after her iPhone was stolen, she was locked out of
her Apple account.

what she didn't say, or at least that news article didn't mention, is
that the thief watched her tap in her passcode, giving him full access
to the phone plus the ability to change just about everything.

not surprisingly, they don't mention that this is *also* an issue for
android phones and even laptops, both mac and windows.

<https://twitter.com/JoannaStern/status/1629152583934779396>
Something crazy is happening around the country. Thieves are stealing
iPhones�then people�s entire digital + financial lives.

How do they do it? They're watching for passcodes

<https://9to5mac.com/2023/02/24/iphone-passcode-in-public-dangers/>
These thieves often work in groups with one distracting a victim
while another records over a shoulder as they enter their passcode.
Others have been known to even befriend victims, asking them to open
social media or other apps on their iPhones so they can watch and
memorize the passcode before stealing it.

Because she had lost access to her Apple account, she was unable to log on
to her MacBook computer.

she's conflating two different things.

not having access to her apple account only means certain functionality
won't work, such as being able to download new apps or syncing content.

everything else, including logging into the macbook and using various
apps will work as it always has.

During her most recent conversation with an Apple representative, the representative told Ayas that there was no way to regain access to her
iCloud account.

that's not true.

there is a way, however, it's an involved process by design, so that
randos can't do it simply by calling apple and saying 'i forgot my
passcode'.

at a minimum, she would need proof of purchase with the serial number
and a police report, possibly more.

if she bought the macbook directly from apple, they have a record of
the purchase, so she won't need to find a receipt.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-26 17:44, badgolferman wrote:

A woman said that soon after her iPhone was stolen, she was locked out of
her Apple account.

<snip>

https://finance.yahoo.com/news/woman-got-locked-her-apple-163000848.html

Common denominators in these cases:

1) People using a 4 or 6 digit pin to access their iPhones.
2) Being in public (especially bars)
3) Teams in the bars coordinating to "spy" the PIN entry then steal the
phone.
4) Target iPhones because: once they are in and having a ball, then the
resale value of the stolen phone is quite good.

https://youtu.be/QUYODQB_2wQ (WSJ report).
(The source for the Yahoo article is actually the WSJ story - funny how
you left that out and the "bar" detail in your quotes above.

Solution:
Change your iPhone access to a complex password, and
take care to hide the keyboard when entering your info while in public.

Better solution: use FaceID or TouchID or Watch if you have one to
access the phone.

IOW: This is, as often is the case: A user carelessness issue.

--
“Donald Trump and his allies and supporters are a clear and present
danger to American democracy.”
- J Michael Luttig - 2022-06-16
- Former US appellate court judge (R) testifying to the January 6
committee

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

nospam wrote:

not having access to her apple account only means certain functionality
won't work, such as being able to download new apps or syncing content.

Adults may wish to bear in mind that Apple _will_ lock you out of your
iCloud account if you don't constantly log into it (ask me how I know this) where the walled-garden itself will lock up as shown in my screenshots.

<https://i.postimg.cc/LXzB3Lc0/appleid01.jpg> Apple _forces_ a log in!
<https://i.postimg.cc/ZR5mZ287/appleid07.jpg> Apple fails App Store test
<https://i.postimg.cc/TwN6P0QR/appleid08.jpg> Only Apple requires a login
<https://i.postimg.cc/8k3GQyj4/appleid09.jpg> Apple tracks your activity
<https://i.postimg.cc/hhFNJ5mq/appleid010.jpg> Apps become non functional
<https://i.postimg.cc/nrFHSvby/appleid11.jpg> Apple _forces_ extra logins!
<https://i.postimg.cc/Y9kkj19v/appleid12.jpg> Apple tracking server login

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <tthbkj$je06$1@paganini.bofh.team>, Andy Burnelli <nospam@nospam.net> wrote:

Adults may wish to bear in mind that Apple _will_ lock you out of your
iCloud account if you don't constantly log into it

no they very definitely won't.

they may periodically ask to log in again, which is what happened in
your case, but the account itself is *not* locked.

more importantly, your neglect has nothing to do with this thread,
which are you attempting to hijack into one of your idiotic rants.

meanwhile, google *will* lock you out if you don't constantly log into
it (unless it's configured to use more than just a password). they say
it's a security feature.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-26 20:30, Andy Burnelli wrote:

nospam wrote:

not having access to her apple account only means certain functionality
won't work, such as being able to download new apps or syncing content.

Adults may wish to bear in mind that Apple _will_ lock you out of your
iCloud account if you don't constantly log into it (ask me how I know this) where the walled-garden itself will lock up as shown in my screenshots.

<https://i.postimg.cc/LXzB3Lc0/appleid01.jpg> Apple _forces_ a log in!

How can you be being "forced"...

...if there's a button that says "Not Now"?

<https://i.postimg.cc/ZR5mZ287/appleid07.jpg> Apple fails App Store test

So you're forced to prove that you have the right to download an app.

Got it.

<https://i.postimg.cc/TwN6P0QR/appleid08.jpg> Only Apple requires a login

An assertion is not even support.

<https://i.postimg.cc/8k3GQyj4/appleid09.jpg> Apple tracks your activity

Ibid.

<https://i.postimg.cc/hhFNJ5mq/appleid010.jpg> Apps become non functional

A messaging app requires you to provide an ID.

This is not news.

<https://i.postimg.cc/nrFHSvby/appleid11.jpg> Apple _forces_ extra logins!

You present those screens as if that's the sequence...

...when it is most definitely not.

<https://i.postimg.cc/Y9kkj19v/appleid12.jpg> Apple tracking server login

Again:

If there's a "Cancel", then you're not being "forced".




--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

nospam wrote:

Adults may wish to bear in mind that Apple _will_ lock you out of your
iCloud account if you don't constantly log into it

no they very definitely won't.

Hi nospam,

It took me a while to figure out why the Russians lie so brazenly, but it doesn't take me as long to figure out why you _hate_ everything Apple does.

they may periodically ask to log in again, which is what happened in
your case, but the account itself is *not* locked.

As I said many times, I'm not like you, nospam. I'm normal. I will agree
with any sensible logical statement - where the one above I agree with.

more importantly, your neglect has nothing to do with this thread,
which are you attempting to hijack into one of your idiotic rants.

That statement, nospam, is how I know you own an abnormally low IQ.

While you don't own the IQ to comprehend what I was responding to, and
while you yourself complained recently about snipping to alter context, the topic I was responding to was _clearly_ this verbatim statement, from you.

" not having access to her apple account only means certain functionality
won't work, such as being able to download new apps or syncing content."

*In fact, not only was I perfectly on topic for my response to your*
*claim, nospam, but the fact is that I was _agreeing_ with you nospam.*

And, unlike you ignorant low-IQ iKooks - I backed it up with proof.
(You're just too stupid to comprehend a normal adult conversation, nospam.)

meanwhile, google *will* lock you out if you don't constantly log into
it (unless it's configured to use more than just a password). they say
it's a security feature.

Again, that claim is another indicator of your abnormally low IQ nospam.

First off, it's transparent you're using one of your seven excuses to
apologize for Apple's bad behavior - which you happen to _hate_ nospam.

That excuse is to claim that Apple is as bad (or worse) than Google is.

But more important than you lame excuses of how bad you think Apple is
compared to Google (or Microsoft or Samsung, etc.), is that you don't seem
to be aware that the iPhone _requires_ that account while Android does not.

In summary, almost every claim from you, nospam, shows not only your
abnormally low adult comprehensive level, but a total lack of knowledge of
both Android and iOS (and particularly in how they're vastly different).

HINT: You don't need a mothership tracking account on _any_ other common operating system other than iOS (and now, only recently, Windows 11).

You don't even realize that the Google account is not mandatory on Android.
--
Posted out of the goodness of my heart to disseminate useful information
which, in this case, is to show the iKooks are brazen deceitful liars.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am 26.02.23 um 23:44 schrieb badgolferman:

A woman said that soon after her iPhone was stolen, she was locked out of
her Apple account.

Reyhan Ayas said Apple was "not helpful at all" after $10,000 was taken
from her bank account.

She told Insider: "Once someone gets into that security environment, it
turns against you."

a) User careless
b) Absolutely not iPhone-specific

This group degenerates to a lot of irrelevant storytelling.

--
Gutta cavat lapidem (Ovid)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <tthib0$1cggp$1@solani.org>, Joerg Lorenz <hugybear@gmx.ch>
wrote:

This group degenerates to a lot of irrelevant storytelling.

there's only one storyteller, and he is indeed busy creating many
fictitious stories to tell.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <k64amtFgi7aU1@mid.individual.net>, Jolly Roger <jollyroger@pobox.com> wrote:

What's needed is the ability to individually require biometrics, or a
PIN, to open certain apps even when the phone screen is already
unlocked.

That's been available on iPhones for ages. Most of my banking apps allow
you to enable Touch ID or Face ID to unlock the app when it is launched.
And many other apps also provide this capability (it's baked into
Apple's operating system as a simple API call), such as my Proton email
app, and others.

android too.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-27 13:22, Jolly Roger wrote:

Especially with a secure passcode rather than a simply 6-digit numeric
pin code which would be easily observed by watching someone enter it
over their shoulder. My passcode is a 20-character easy-to-remember
sentence, complete with capitalization, letters, numbers, spaces, and punctuation.

A bit long (IMO). Mine is 10 char composed of a 5 char word + 5 chars
of gibberish (digits/symbols). My watch is 8 digits - but only need to
enter those when I strap on the watch. Not likely to have a stranger
staring over my shoulder at 7 am.

IAC, in "public" only seem to need FaceID or my Watch.

That's been available on iPhones for ages. Most of my banking apps allow
you to enable Touch ID or Face ID to unlock the app when it is launched.
And many other apps also provide this capability (it's baked into
Apple's operating system as a simple API call), such as my Proton email
app, and others.

Yes indeed - my banks and several other accounts are FaceID activated.

--
“Donald Trump and his allies and supporters are a clear and present
danger to American democracy.”
- J Michael Luttig - 2022-06-16
- Former US appellate court judge (R) testifying to the January 6
committee

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

badgolferman wrote:

A woman said that soon after her iPhone was stolen, she was locked
out of her Apple account.

Reyhan Ayas said Apple was "not helpful at all" after $10,000 was
taken from her bank account.

Last week’s WSJ report cited experiences of iPhone owners who had their iPhones stolen, only to later see their Apple account compromised, the
password changed, and further accounts – including bank accounts –
accessed as well. These weren’t cases of advanced hacks, but rather a
simple security loophole. Using the passcode (PIN) on the iPhone, the
criminal who stole it was able to change the account passwords and
access other accounts, all without knowing the owner’s passwords.

Frighteningly, this can also happen on Android phones, as a PIN is all
that’s needed to change your Google account password.

Mishaal Rahman highlighted how this works on Twitter, with an option in
Google account settings to use your Android phone’s screen lock to
change the account password. Google permits this as the password change
request is coming from a device that “is yours,” but there’s no further verification beyond your PIN. Google’s process, notably, first prompts
you to input your current password first, but using the “forgot
password” option allows the PIN to be used instead.

This is obviously concerning, as it means a stolen smartphone could
mean losing access to your Google account and much more, but it was
noted in the report that the main target for this kind of practice
seems to revolve around iPhones, as they tend to hold higher resale
value in the United States. Apparently, 99% of cases seen by a
detective were iPhones.



https://9to5google.com/2023/02/27/android-pin-google-account-stolen/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-28 09:27, badgolferman wrote:

badgolferman wrote:

A woman said that soon after her iPhone was stolen, she was locked
out of her Apple account.

Reyhan Ayas said Apple was "not helpful at all" after $10,000 was
taken from her bank account.

Last week’s WSJ report cited experiences of iPhone owners who had their iPhones stolen, only to later see their Apple account compromised, the password changed, and further accounts – including bank accounts – accessed as well. These weren’t cases of advanced hacks, but rather a simple security loophole. Using the passcode (PIN) on the iPhone, the criminal who stole it was able to change the account passwords and
access other accounts, all without knowing the owner’s passwords.

Frighteningly, this can also happen on Android phones, as a PIN is all that’s needed to change your Google account password.

As I pointed out earlier, using simple PIN's (which is how these people
got screwed) is a very dumb thing only compounded by entering it while
sitting in a bar punching the number in for anyone to see.

noted in the report that the main target for this kind of practice
seems to revolve around iPhones, as they tend to hold higher resale
value in the United States. Apparently, 99% of cases seen by a
detective were iPhones.

Yes, exactly as I pointed out when you originally posted this thread.

--
“Donald Trump and his allies and supporters are a clear and present
danger to American democracy.”
- J Michael Luttig - 2022-06-16
- Former US appellate court judge (R) testifying to the January 6
committee

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Alan Browne <bitbucket@blackhole.com> wrote:

On 2023-02-28 09:27, badgolferman wrote:

badgolferman wrote:

A woman said that soon after her iPhone was stolen, she was locked
out of her Apple account.

Reyhan Ayas said Apple was "not helpful at all" after $10,000 was
taken from her bank account.

Last week???s WSJ report cited experiences of iPhone owners who had their iPhones stolen, only to later see their Apple account compromised, the password changed, and further accounts ??? including bank accounts ??? accessed as well. These weren???t cases of advanced hacks, but rather a simple security loophole. Using the passcode (PIN) on the iPhone, the criminal who stole it was able to change the account passwords and
access other accounts, all without knowing the owner???s passwords.

Frighteningly, this can also happen on Android phones, as a PIN is all that???s needed to change your Google account password.

As I pointed out earlier, using simple PIN's (which is how these people
got screwed) is a very dumb thing only compounded by entering it while sitting in a bar punching the number in for anyone to see.

noted in the report that the main target for this kind of practice
seems to revolve around iPhones, as they tend to hold higher resale
value in the United States. Apparently, 99% of cases seen by a
detective were iPhones.

Yes, exactly as I pointed out when you originally posted this thread.

Doesn't Apple enforce longer PINs these days?
--
"I myself am convinced, my brothers, that you yourselves are full of goodness, complete in knowledge and competent to instruct one another." --Romans 15:14. Last week's 5" heavy cold rain left a mess like leaks, craziness, etc. More 2 come tho. :(
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
/ /\ /\ \ Please nuke ANT if replying by e-mail.
| |o o| |
\ _ /
( )

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-28, badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

badgolferman wrote:

A woman said that soon after her iPhone was stolen, she was locked out
of her Apple account.

Reyhan Ayas said Apple was "not helpful at all" after $10,000 was
taken from her bank account.

Last week’s WSJ report cited experiences of iPhone owners who had
their iPhones stolen, only to later see their Apple account
compromised, the password changed, and further accounts – including
bank accounts – accessed as well. These weren’t cases of advanced
hacks, but rather a simple security loophole. Using the passcode (PIN)
on the iPhone, the criminal who stole it was able to change the
account passwords and access other accounts, all without knowing the owner’s passwords.

Frighteningly, this can also happen on Android phones, as a PIN is all that’s needed to change your Google account password.

Thieves gaining access to people's accounts by way of their computer or smartphone is nothing new, unless you've been living under a rock for
the past 20 years.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-28, Ant <ant@zimage.comANT> wrote:

Doesn't Apple enforce longer PINs these days?

The minimum length for Apple mobile devices is six digits, but you've
been able to supply a much longer alphanumeric passcode for decades.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <k66ojbFs05kU4@mid.individual.net>, Jolly Roger <jollyroger@pobox.com> wrote:

Doesn't Apple enforce longer PINs these days?

The minimum length for Apple mobile devices is six digits,

the default is 6, but it can be set to 4.

but you've
been able to supply a much longer alphanumeric passcode for decades.

yep, as well as a longer numeric pin code, which has the advantage of
using a numeric keypad instead of a qwerty keyboard, making it easier
to tap in the numbers.

10-15 digits (or more) isn't anything someone is likely to be able to
watch and remember but is *very* secure. brute forcing that will take a *really* long time.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <xn0nymq27fumjph001@reader443.eternal-september.org>,
badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

Last week�s WSJ report cited experiences of iPhone owners who had their iPhones stolen, only to later see their Apple account compromised, the password changed, and further accounts � including bank accounts �
accessed as well. These weren�t cases of advanced hacks, but rather a
simple security loophole.

it's not a security loophole if someone watches another person tap in
their passcode and then steals their phone.

Frighteningly, this can also happen on Android phones, as a PIN is all
that�s needed to change your Google account password.

yep, but of course, only apple is to blame for this.


watching people tap in passwords is nothing new. people have been doing
that for *years*, on all sorts of things, including door locks.

in some cases, you don't need to actually watch the person, but instead
look at wear patterns on the buttons or grease marks on the screen, to
narrow down which digits are used, making it much easier to guess.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-28 11:07, Ant wrote:

Doesn't Apple enforce longer PINs these days?

Using PINs is a sure way to get broken into in cases as cited - adding 2
digits isn't much. Having a more complex PW will be harder for a lurker
to pick up as there is more to spot and remember. More likely someone
will spot what they're doing too if they linger too long.

Further, if there is a way people could be behind you, shield the phone
when entering PWs (cover the keypad or face the "adversaries").

Best: use FaceID or TouchID.
====

--
“Donald Trump and his allies and supporters are a clear and present
danger to American democracy.”
- J Michael Luttig - 2022-06-16
- Former US appellate court judge (R) testifying to the January 6
committee

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/28/2023 6:27 AM, badgolferman wrote:

<snip>

Frighteningly, this can also happen on Android phones, as a PIN is all that’s needed to change your Google account password.

On Android You can implement an extra layer of security so you can't get
into Google or Chrome to change the password.

It all depends on the level of trouble you're willing to go through to
prevent unauthorized users, that are able to get past the screen lock,
from doing bad things.

I set up my Android device so it can't open Chrome or Google without an
extra layer of security. Ditto for Amazon, eBay, and banking apps.

If you jailbreak your iPhone there are (or were) tweaks available to
protect individual apps. Not sure if they are still available since each
time iOS is changed some of the tweaks stop working.

I'm hopeful that Apple will copy Samsung's "Secure Folder" at sometime
in the future since it's a very useful feature that would not negatively
affect Apple revenue.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <ttllf0$3mgh7$1@dont-email.me>, sms
<scharf.steven@geemail.com> wrote:

On Android You can implement an extra layer of security so you can't get
into Google or Chrome to change the password.

same for ios.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-28, nospam <nospam@nospam.invalid> wrote:

In article <k66ogtFs05kU3@mid.individual.net>, Jolly Roger
<jollyroger@pobox.com> wrote:

Thieves gaining access to people's accounts by way of their computer
or smartphone is nothing new, unless you've been living under a rock
for the past 20 years.

50+ years.

Touche`

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-28, nospam <nospam@nospam.invalid> wrote:

In article <k66ojbFs05kU4@mid.individual.net>, Jolly Roger
<jollyroger@pobox.com> wrote:

Doesn't Apple enforce longer PINs these days?

The minimum length for Apple mobile devices is six digits,

the default is 6, but it can be set to 4.

Ah. Thanks for the correction. I was not aware that was even an option
anymore.

but you've been able to supply a much longer alphanumeric passcode
for decades.

yep, as well as a longer numeric pin code, which has the advantage of
using a numeric keypad instead of a qwerty keyboard, making it easier
to tap in the numbers.

10-15 digits (or more) isn't anything someone is likely to be able to
watch and remember but is *very* secure. brute forcing that will take
a *really* long time.

Yup. My wife and I often think of a sentence (including capitalization,
spaces, and punctuation) that is easy for us to remember, and doesn't
contain identifiable information (birthdays, etc), and use that for our
secure passwords that we want to remember. For just about everything
else, Keychain's suggested passwords work fine. And in the rare
situation where some goofy website or service demands such restrictive
password criteria that Apple's suggestions won't work, we wrote a
little script that generates somewhat easy-to-remember and secure
passwords with customizable delimiters, number of sections, and number
of word forms per section (ex: has1wAf+meB3kex9).

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

badgolferman wrote:

Last week's WSJ report cited experiences of iPhone owners who had their iPhones stolen, only to later see their Apple account compromised, the password changed, and further accounts - including bank accounts -
accessed as well. These weren't cases of advanced hacks, but rather a
simple security loophole. Using the passcode (PIN) on the iPhone, the criminal who stole it was able to change the account passwords and
access other accounts, all without knowing the owner's passwords.

We have to look at that clickbait with a bit of intelligence, badgolferman.

*The problem is that iOS _requires_ you to have an Apple account*.
*Android does not*

Frighteningly, this can also happen on Android phones, as a PIN is all
that's needed to change your Google account password.

Why would anyone even have a Google Account set up on an Android phone?

The whole point of being intelligent is to put our brains to good use,
where you can't do what they worry about if you don't even have a Google Account set up on your Android phone.

There's _nothing_ (as far as I can tell) the Google Account does for you
that you can't do without that account (usually better) if you're smart.
--
Note you can have as many Google Accounts as you want to have; what I'm
talking about is setting up the device without that Account set up too.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Alan Browne wrote:

noted in the report that the main target for this kind of practice
seems to revolve around iPhones, as they tend to hold higher resale
value in the United States. Apparently, 99% of cases seen by a
detective were iPhones.

Yes, exactly as I pointed out when you originally posted this thread.

There's another thread which already proved iPhones do NOT hold higher
resale value than Android phones. It's not even close.

People have to be intelligent when they believe those clickbait claims.

Bear in mind also that any iPhone which can't load the latest iOS 16
release is already so compromised that you may as well throw it away.

For an intelligent person...
*That means anything older than an iPhone 8 is literally worthless*.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

nospam wrote:

10-15 digits (or more) isn't anything someone is likely to be able to
watch and remember but is *very* secure. brute forcing that will take a *really* long time.

What an intelligent person would note is that nobody will be brute forcing _anything_ on an iPhone given there are so many iOS zero day holes extent.

*There is no smartphone with _fewer_ zero-day holes than the iPhone*

Worse, any iPhone earlier than an iPhone 8 is literally worthless because
Apple will not add the full set of patches that Apple is already aware of.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Jolly Roger wrote:

10-15 digits (or more) isn't anything someone is likely to be able to
watch and remember but is *very* secure. brute forcing that will take
a *really* long time.

Yup. My wife and I often think of a sentence (including capitalization, spaces, and punctuation) that is easy for us to remember, and doesn't
contain identifiable information (birthdays, etc), and use that for our secure passwords that we want to remember.

Apple has all you low-IQ iKooks bamboozled as to what the threat is.

What's interesting is that uneducated people like Jolly Roger are
blissfully clueless that nobody is going to brute force an iPhone PIN.

FACT:
*The iPhone has more zero day holes than any smartphone on the planet*

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 28/02/2023 19:42, sms wrote:

I'm hopeful that Apple will copy Samsung's "Secure Folder" at sometime
in the future since it's a very useful feature that would not negatively affect Apple revenue.

If you don't have a Samsung, you can use any encryption app to store your personal data securely in any number of private folders on your device.

For locking individual apps, you can use a variety of app password lock programs which give you different locks for different apps if you want.

I don't know if multiple applocks can be installed on the iPhone though.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

nospam wrote:

Frighteningly, this can also happen on Android phones, as a PIN is all
that�s needed to change your Google account password.

yep, but of course, only apple is to blame for this.

It's no longer shocking how ignorant nospam is that the Android phone does
not require a Google Account (while iPhones do require an Apple account).

Hence, in that way, clearly, *Apple _is_ to blame for this*.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Alan Browne wrote:

Best: use FaceID or TouchID.

Jesus Christ.

Alan Browne is bamboozled by _every_ idiotic Apple MARKETING gimmick.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <ttmh7h$1dopq$1@paganini.bofh.team>, Andy Burnelli <nospam@nospam.net> wrote:

What an intelligent person would note is that nobody will be brute forcing _anything_ on an iPhone given there are so many iOS zero day holes extent.

translated: you know absolutely nothing about cracking into iphones (or
other devices for that matter).

hint: a zero-day is not a free ticket into a device.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

nospam wrote:

What an intelligent person would note is that nobody will be brute forcing >> _anything_ on an iPhone given there are so many iOS zero day holes extent.

translated: you know absolutely nothing about cracking into iphones (or
other devices for that matter).

hint: a zero-day is not a free ticket into a device.

It is on iOS, nospam.

In fact, *there are _many_ zero-click zero-day holes in the iPhone*.

It's no longer shocking how ignorant you are of zero-click iOS holes.
<https://duckduckgo.com/?q=zero%2Dclick%20zero%2Dday%20hole%20in%20ios>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <ttmmup$1ed12$1@paganini.bofh.team>, Andy Burnelli <nospam@nospam.net> wrote:

What an intelligent person would note is that nobody will be brute forcing >> _anything_ on an iPhone given there are so many iOS zero day holes extent.

translated: you know absolutely nothing about cracking into iphones (or other devices for that matter).

hint: a zero-day is not a free ticket into a device.

It is on iOS

nope.

keep on digging. it's the only thing you're good at.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

nospam wrote:

Why would anyone even have a Google Account set up on an Android phone?

because a *lot* of stuff doesn't work without one.

It's no longer shocking how little you know about Android, nospam.

although to be fair, it does require actually having a brain, which in
your case, the lack of one explains a lot.

That you _hate_ the lack of functionality on iOS, nospam, is transparent
when you feel the only defense you have to facts about iOS are insults.

The whole point of being intelligent is to put our brains to good use,

you might consider trying that sometime.

Tell us, nospam, what app functionality I can't get with my Android and iOS devices that you claim I must have a Google account set up on Android for.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

nospam wrote:

What an intelligent person would note is that nobody will be brute forcing >>>> _anything_ on an iPhone given there are so many iOS zero day holes extent. >>>

translated: you know absolutely nothing about cracking into iphones (or
other devices for that matter).

hint: a zero-day is not a free ticket into a device.

It is on iOS

nope.

keep on digging. it's the only thing you're good at.

It's transparent you _hate_ that iOS is extremely vulnerable to hackers.

You are not normal in that you can't formulate an _adult_ response to the
basic well known and well documented fact that iOS is the _worst_ phone operating system in terms of consistent zero-day zero-click holes.

It's no longer shocking how ignorant you are of the many 0-click iOS holes.
<https://duckduckgo.com/?q=zero%2Dclick%20zero%2Dday%20hole%20in%20ios>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-28 15:31, Jolly Roger wrote:

On 2023-02-28, nospam <nospam@nospam.invalid> wrote:

In article <k66ogtFs05kU3@mid.individual.net>, Jolly Roger
<jollyroger@pobox.com> wrote:

Thieves gaining access to people's accounts by way of their computer
or smartphone is nothing new, unless you've been living under a rock
for the past 20 years.

50+ years.

Touche`

It took two weeks, but the VAX-785 admin finally came to me to find out
how I got access to his login script and put in a "Hi there!" note.

Stubborn, smart guy spent hours and hours trying to see how someone
broke in to his account. There weren't many suspects but I was near top
of the list.

"So, how did you do it?"

"When I went to ask you about something, your lab notebook was open on
your desk with the password in bold large print."

--
“Donald Trump and his allies and supporters are a clear and present
danger to American democracy.”
- J Michael Luttig - 2022-06-16
- Former US appellate court judge (R) testifying to the January 6
committee

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-03-01 06:24, Alan Browne wrote:

On 2023-02-28 15:31, Jolly Roger wrote:

On 2023-02-28, nospam <nospam@nospam.invalid> wrote:

In article <k66ogtFs05kU3@mid.individual.net>, Jolly Roger
<jollyroger@pobox.com> wrote:

Thieves gaining access to people's accounts by way of their computer
or smartphone is nothing new, unless you've been living under a rock
for the past 20 years.

50+ years.

Touche`

It took two weeks, but the VAX-785 admin finally came to me to find out
how I got access to his login script and put in a "Hi there!" note.

Stubborn, smart guy spent hours and hours trying to see how someone
broke in to his account.  There weren't many suspects but I was near top
of the list.

"So, how did you do it?"

"When I went to ask you about something, your lab notebook was open on
your desk with the password in bold large print."

An anecdote from my days at the University of Waterloo:

I wasn't taking computer courses, but I ended up hanging out with a lot
of people in the university who were (including Brad Templeton, who is
the one who literally put the "dot" into internet site names).

As you can imagine, there were a lot of people playing around on
computer and with resources limited, trying to find ways to get more
computer time than they were entitled to.

The main system at UW's Math Faculty Computing Facility was a Honeywell
6050 "Bun" and there was an account on the system called "master" which
had all the power to control... ...everything.

User accounts on the system consisted of the user's first and middle
initials combined with his or her last name (I used an account by
someone else: "kgdykes").

The story goes that some clever student requested an account on the
system and gave his name as "Michael Allen Sternbaum". This was back
around 1980, and there really wasn't any checking to authenicate such
requests, so the account was created:

masterbaum

Can you see where this is going?

That's right: at that time the operating system only checked that the
first 6 digits of the account matched "master" and when the student
logged in as "masterbaum", he had full access to the system.

Fortunately, this was just a student playing a prank, so he simply
caused a message of some kind to appear on everyone's terminals and then
locked everyone out.

Very shortly, there was a patch to the operating system applied.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-03-01 13:24, Alan wrote:

On 2023-03-01 06:24, Alan Browne wrote:

On 2023-02-28 15:31, Jolly Roger wrote:

On 2023-02-28, nospam <nospam@nospam.invalid> wrote:

In article <k66ogtFs05kU3@mid.individual.net>, Jolly Roger
<jollyroger@pobox.com> wrote:

Thieves gaining access to people's accounts by way of their computer >>>>> or smartphone is nothing new, unless you've been living under a rock >>>>> for the past 20 years.

50+ years.

Touche`

It took two weeks, but the VAX-785 admin finally came to me to find
out how I got access to his login script and put in a "Hi there!" note.

Stubborn, smart guy spent hours and hours trying to see how someone
broke in to his account.  There weren't many suspects but I was near
top of the list.

"So, how did you do it?"

"When I went to ask you about something, your lab notebook was open on
your desk with the password in bold large print."

An anecdote from my days at the University of Waterloo:

I wasn't taking computer courses, but I ended up hanging out with a lot
of people in the university who were (including Brad Templeton, who is
the one who literally put the "dot" into internet site names).

As you can imagine, there were a lot of people playing around on
computer and with resources limited, trying to find ways to get more
computer time than they were entitled to.

The main system at UW's Math Faculty Computing Facility was a Honeywell
6050 "Bun" and there was an account on the system called "master" which
had all the power to control... ...everything.

User accounts on the system consisted of the user's first and middle
initials combined with his or her last name (I used an account by
someone else: "kgdykes").

The story goes that some clever student requested an account on the
system and gave his name as "Michael Allen Sternbaum". This was back
around 1980, and there really wasn't any checking to authenicate such requests, so the account was created:

masterbaum

Can you see where this is going?

That's right: at that time the operating system only checked that the
first 6 digits of the account matched "master" and when the student
logged in as "masterbaum", he had full access to the system.

Fortunately, this was just a student playing a prank, so he simply
caused a message of some kind to appear on everyone's terminals and then locked everyone out.

Very shortly, there was a patch to the operating system applied.

Clever hack - but when doing such one should never lock out others.
Unintended consequences can be expensive.

[Also there's a little error in your story... (I'll let you lie awake at
night on that one...)]

An engineer pointed out a backdoor due to bad integration of an hp-64000 cluster to the VAX and I used that to do another "Hi there!" attack on
the VAX admin's login script. But no locking anyone out.

Indeed these days, one would do best to report the bug and leave it
otherwise alone.

--
“Donald Trump and his allies and supporters are a clear and present
danger to American democracy.”
- J Michael Luttig - 2022-06-16
- Former US appellate court judge (R) testifying to the January 6
committee

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)