Printed from http://www.electronista.com

Exploit allows Apple ID account hijack with little info [u]

updated 03:47 pm EDT, Fri March 22, 2013

Two-step verification only current defense

(Updated with Apple disabling the iForgot password retrieval page) A new exploit lets people hijack an Apple ID account using only an email address and someone's date of birth, says The Verge. The process involves pasting in a modified URL while answering the date of birth question on Apple's password retrieval page. Doing this lets someone reset an Apple ID's password, locking out the original owner unless they can get Apple's help.

The only remedy to the problem appears to be the two-step verification process Apple introduced just yesterday. That forces people to enter a PIN code before changing account info, and the code is only accessible through Find My iPhone or a text message to a pre-registered phone number.

As a response to the exploit, Apple has disabled the iForgot webpage, used for password recovery and retrieval. Apple has not made any public comment on this matter, or given any timetable for the page's return.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. FireWire

    Mac Elite

    Joined: 10-03-99

    yeah

    like common hackers know that info... so the only people that could do it are relatives...

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    Would require a very ...

    determined and specific attack. Finding out someone's specific birthday and email address isn't hard if you know them, obviously, but if you don't know them that would take quite a bit of doing. While not meaning to suggest that this isn't a serious flaw, I suspect reports "in the wild" of such problems will be limited to pranksters within the victim's own circle of family or friends.

  1. hayesk

    Professional Poster

    Joined: 09-17-99

    Easy to find birth date

    Just look for public postings on facebook - Happy 40th birthday, Jimmy. And then guess his AppleID. It's not hard. Good on Apple for catching this quickly. Let's hope they fix it quickly.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

Apple 13-inch MacBook Pro (Early 2015)

Although the new darling of the Apple MacBook line up is the all-new MacBook, Apple has given its popular 13-inch MacBook Pro with Ret ...

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill the ...

Lenovo Yoga Tablet 2 (Android, 10.1-inch)

Lenovo is building a bigger name for itself year after year, including its devices expanding beyond desktop computers. The company's l ...

Advertisement

toggle

Most Commented

 
toggle

Popular News