iPhone users say attackers called them from Apple's number to hijack their account
Apple users are targets of a new attack that aims to take over all of their devices.
KrebsOnSecurity reports that many users have complained of a phishing attack that floods Apple devices with system-level password reset prompts. The devices are unusable until "Allow" or "Don't Allow" is selected for each prompt.
The attackers might be relying on a glitch in Apple's password reset mechanism, but nothing can be said for certain at the moment. Apparently, the attackers are operating in the hope that sooner or later a user will tap "Allow" after incessant password reset requests, either willingly or by mistake.
If that doesn't work, the attackers call the victim from what looks like Apple's number, because they have spoofed the caller ID. They then tell the victim that their account is under attack and that Apple requires them to "verify" a one-time code.
One of the targets, Parth Patel, said he got multiple requests for approving a password change on his watch, phone, and laptop. After he denied them all, the attackers called him from 1-800-275-2273 - Apple Support's number. They knew almost everything about him but by some stroke of luck, they got his real name wrong.
If Patel had supplied the one-time password, he could have lost access to his account and data.
Another user named Chris went through something similar in February. He got 30 simultaneous notifications and denied them all, but the attack attempts continued for several days thereafter. He then got a call from the attackers, who were claiming to be from Apple, but Chris said he would call them back. When he dialed Apple's number himself, he was told that Apple does not initiate outbound calls to customers.
This episode prompted Chris to reset all his passwords and get a new iPhone, only to be greeted by more alerts on his new iPhone, while he was at the Apple Genius Bar. This is when it hit him that the attackers were probably relying on the phone numbers of Apple users to initiate attacks.
"I said I would call them back and hung up. When I called back to the real Apple, they couldn’t say whether anyone had been in a support call with me just then. They just said Apple states very clearly that it will never initiate outbound calls to customers — unless the customer requests to be contacted." - Chris
The last incident mentioned in the report was reported by Ken. He said he started getting these unsolicited alerts on his Apple gadgets earlier this year, and an Apple engineer had him enable an Apple Recovery Key to put an end to the notifications.
This optional security feature is intended to improve the security of Apple ID accounts. When it's enabled, the standard account recovery process is disabled. If you ever lose the key and also lose access to your trusted devices, you may be permanently locked out of your account.
Ken enabled a recovery key but he still gets unsolicited system alerts every few days on all his Apple devices.
It's baffling that Apple's authentication system lets anyone bombard a device with numerous password change requests within moments, especially when the initial requests haven't been responded to. Two controls would blunt this: refusing to push a new prompt while an earlier one is still unanswered, and pausing further prompts for a while after the user has explicitly denied one. There might be a bug in Apple's system, but the company has so far said nothing about the attacks.
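As an added example (not Apple's code, and not taken from the KrebsOnSecurity report), the following Python sketch shows what server-side throttling of reset prompts could look like: one outstanding prompt per account at a time, a sliding-window cap on prompts issued, and a cooldown once the user taps "Don't Allow". The policy values, the account identifier and the `simulate_bombing` replay are assumptions chosen for illustration.

```python
"""Throttle for account password-reset prompts (added example, not Apple's implementation)."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Optional, Tuple


@dataclass
class ResetPromptPolicy:
    # Assumed values chosen for illustration; tune to your own risk appetite.
    max_prompts_per_window: int = 3          # prompts allowed per account per window
    window_seconds: float = 3600.0           # sliding window length
    prompt_ttl_seconds: float = 300.0        # an unanswered prompt expires after this
    deny_cooldown_seconds: float = 86400.0   # no new prompts for this long after a denial


@dataclass
class _AccountState:
    sent: Deque[float] = field(default_factory=deque)   # timestamps of prompts issued
    pending_since: Optional[float] = None               # unanswered prompt, if any
    cooldown_until: float = 0.0                         # set after a "Don't Allow"


class ResetPromptThrottle:
    """Decides whether a password-reset prompt may be pushed to an account's devices."""

    def __init__(self, policy: Optional[ResetPromptPolicy] = None):
        self.policy = policy or ResetPromptPolicy()
        self._accounts: Dict[str, _AccountState] = {}

    def request_prompt(self, account: str, now: float) -> Tuple[bool, str]:
        """Return (allowed, reason). The clock is injected so the logic is testable."""
        st = self._accounts.setdefault(account, _AccountState())
        p = self.policy
        # 1. A denial puts the account into a cooldown, so the attacker cannot keep retrying.
        if now < st.cooldown_until:
            return False, "cooldown_after_denial"
        # 2. Only one outstanding prompt at a time: a new request must not stack on top
        #    of one the user has not answered yet.
        if st.pending_since is not None:
            if now - st.pending_since < p.prompt_ttl_seconds:
                return False, "prompt_pending"
            st.pending_since = None  # the earlier prompt expired unanswered
        # 3. Sliding-window cap on prompts actually issued.
        while st.sent and now - st.sent[0] >= p.window_seconds:
            st.sent.popleft()
        if len(st.sent) >= p.max_prompts_per_window:
            return False, "rate_limited"
        st.sent.append(now)
        st.pending_since = now
        return True, "ok"

    def record_decision(self, account: str, allowed: bool, now: float) -> None:
        """The user answered the prompt; a denial triggers the cooldown."""
        st = self._accounts.setdefault(account, _AccountState())
        st.pending_since = None
        if not allowed:
            st.cooldown_until = now + self.policy.deny_cooldown_seconds


def simulate_bombing(attempts: int = 30) -> Dict[str, int]:
    """Replay a constructed burst like the one in the article: one reset request per
    second against a single account, with the user denying every prompt that gets through."""
    throttle = ResetPromptThrottle()
    account = "victim@example.com"  # constructed sample identifier
    counts: Dict[str, int] = {}
    now = 0.0
    for _ in range(attempts):
        ok, reason = throttle.request_prompt(account, now)
        counts[reason] = counts.get(reason, 0) + 1
        if ok:
            throttle.record_decision(account, allowed=False, now=now)
        now += 1.0
    return counts


if __name__ == "__main__":
    print(simulate_bombing())  # only the first prompt reaches the user; the rest are held
```

With these (assumed) settings the first "Don't Allow" silences the account for a day, and even a user who never answers sees at most three prompts an hour instead of thirty in a burst. The prompt itself would still need to carry enough context (requesting device, location) for the user to decide, but that is a separate concern from the rate limiting shown here.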