iPhone users say attackers called them from Apple's number to hijack their account
Apple users are the target of a new attack aimed at taking over all of their devices.
The attackers may be exploiting a flaw in Apple's password reset mechanism, though nothing has been confirmed yet. The pattern matches what is usually called MFA fatigue or push bombing: the victim's devices are flooded with password reset prompts in the hope that sooner or later the user presses "Allow", either deliberately, to make the alerts stop, or by mistake.
If that fails, the attackers call the victim from a number spoofed to look like Apple's. Posing as Apple support, they tell the victim that the account is under attack and ask them to "verify" a one-time code. Reading that code back hands the attacker the last factor needed to reset the password and take over the account.
If Patel had provided the one-time code, he could have lost access to his account and data.
Another user named Chris experienced something similar in February. He received 30 notifications at once and denied them all, but the attempts continued for several days. When the attackers then called, claiming to be from Apple, Chris said he would call back; when he phoned Apple's real number, he was told that nobody there had called him.
This episode prompted Chris to reset all his passwords and buy a new iPhone, only to see the same alerts appear on the new phone while he was still at the Apple Genius Bar. That convinced him the attacks were keyed to his phone number rather than to any particular device.
"I said I would call them back and hung up. When I called the real Apple again, they couldn't tell if anyone had a support call with me at that time. They simply said that Apple had stated very clearly that it would never initiate outbound calls to customers unless the customer requested to be contacted." - Chris
The last incident in the report came from Ken. He said the suspicious alerts started appearing on his Apple devices earlier this year, and that an Apple engineer set him up with an Apple recovery key to stop the notifications.
A recovery key is an optional security feature for Apple ID accounts. Once it is enabled, the standard account recovery process is turned off and the key becomes the only way back into the account if you forget your password or lose access to your trusted devices; lose the key as well and you can be locked out of the account permanently.
Ken activated a recovery key, but he still receives unsolicited system alerts every few days on all his Apple devices.
It is disconcerting that Apple's authentication system lets anyone push dozens of password reset prompts to a device within moments, with no apparent rate limit even after the first requests go unanswered. That may point to a bug in Apple's system, but the company has so far said nothing about the attacks.
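The control the article finds missing, a server-side cap on unanswered or denied reset prompts, is small enough to show in full. The code below is an added example for this page, not Apple's code and not a description of how Apple's backend works: it models an identity provider that stops sending "approve this password reset?" prompts to an account once a few go unanswered or denied, flags the account, and replays a constructed burst of 30 requests like the one Chris describes. The policy values (3 prompts per 10 minutes, 1 hour cooldown), the event format and the sample log are hypothetical and constructed for this example.

```python
"""Throttling password-reset approval prompts to defeat push bombing.

Added illustration, not Apple's code: it models the control the article
finds missing, an identity provider that stops sending "approve this
password reset?" prompts once a few go unanswered or denied, and that
flags the account. The policy values, event format and sample log below
are hypothetical and constructed for this example.
"""
from collections import defaultdict, deque


class ResetPromptThrottle:
    """Sliding-window cap on reset prompts that were not approved.

    max_prompts: prompts per window that may be outstanding or denied
                 before further requests are dropped.
    window:      seconds a prompt stays counted if not approved.
    cooldown:    seconds to drop every prompt once the cap is reached.
    """

    def __init__(self, max_prompts=3, window=600.0, cooldown=3600.0):
        self.max_prompts = max_prompts
        self.window = window
        self.cooldown = cooldown
        self._recent = defaultdict(deque)        # account -> [ts, state] entries
        self._suppressed_until = defaultdict(float)
        self.flagged = set()                     # accounts that hit the cap

    def _expire(self, account, now):
        q = self._recent[account]
        while q and now - q[0][0] > self.window:
            q.popleft()

    def request(self, account, now):
        """Someone asked for a reset. Returns 'SENT' or 'SUPPRESSED'."""
        if now < self._suppressed_until[account]:
            return "SUPPRESSED"
        self._expire(account, now)
        q = self._recent[account]
        if len(q) >= self.max_prompts:
            # Cap hit: stop prompting for the cooldown and record the
            # account for the security team instead of nagging the user.
            self._suppressed_until[account] = now + self.cooldown
            self.flagged.add(account)
            return "SUPPRESSED"
        q.append([now, "pending"])
        return "SENT"

    def answered(self, account, now, allowed):
        """The user tapped Allow (True) or Don't Allow (False)."""
        q = self._recent[account]
        if allowed:
            q.clear()               # the account holder acted; nothing outstanding
            return
        # A denial keeps counting toward the cap: a run of "Don't Allow"
        # taps is the signature of push bombing, not of a forgetful user.
        for entry in q:
            if entry[1] == "pending":
                entry[1] = "denied"
                break


def replay(events, throttle):
    """Feed (timestamp, account, kind) events through the throttle.

    kind is 'request', 'allow' or 'deny'. Returns (sent, suppressed,
    sorted flagged accounts)."""
    sent = suppressed = 0
    for ts, account, kind in sorted(events):
        if kind == "request":
            if throttle.request(account, ts) == "SENT":
                sent += 1
            else:
                suppressed += 1
        elif kind in ("allow", "deny"):
            throttle.answered(account, ts, kind == "allow")
    return sent, suppressed, sorted(throttle.flagged)


# Constructed sample log: 30 reset requests for one account within 1.5 s
# (the burst described in the article), the user denying the prompts he
# actually received, and one legitimate reset that its owner approves.
SAMPLE_EVENTS = (
    [(1000.0 + i * 0.05, "chris@example.com", "request") for i in range(30)]
    + [(1002.0 + i * 0.1, "chris@example.com", "deny") for i in range(3)]
    + [(2000.0, "alice@example.com", "request"),
       (2010.0, "alice@example.com", "allow")]
)


def run_sample(throttle=None):
    """Replay SAMPLE_EVENTS; with the default policy only 3 of the 30
    prompts reach the victim and the account is flagged."""
    return replay(SAMPLE_EVENTS, throttle or ResetPromptThrottle())


if __name__ == "__main__":
    print("no throttle :", run_sample(ResetPromptThrottle(max_prompts=10**9)))
    print("with policy :", run_sample())
```

With an effectively unlimited cap the replay delivers all 31 prompts, which is the behaviour the users above describe; with the default policy the victim sees three prompts, the remaining 27 are dropped for the cooldown period, and the account lands in `flagged` for follow-up. Denials are counted toward the cap on purpose: a user who taps "Don't Allow" three times in a minute is almost certainly under attack, and continuing to prompt only raises the odds of the mis-tap the attackers are waiting for.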