Skip to main content

Security hole allows anyone to reset an Apple ID with email and DOB

 Gaping security holes are a pretty terrifying thing, especially when they involve something as sensitive as your Apple ID. Sadly it seems that immediately after making the paranoid happy by instituting two-step authentication a pretty massive flaw in Cupertino's system was discovered and first reported by The Verge. Turns out you can reset any Apple ID password with nothing more than a person's email address and date of birth -- two pieces of information that are pretty easy to come across.
There's a little more to the hack, but it's simple enough that even your non-tech savvy aunt or uncle could do it. After entering the target email address in the password reset form you can then select to answer security questions to validate your identity. The first task will be to enter a date of birth. If you enter that correctly then paste a particular URL into the address bar (which we will not be publishing for obvious reasons), press enter, then -- voilà -- instant password reset! Or, at least that's the story. While we were attempting to verify these claims Apple took down the password reset page for "maintenance." Though we've received no official confirmation from Apple, it seems the company is moving swiftly to shut down this particularly troublesome workaround before word of it spreads too far.

 

Comments

Popular posts from this blog

LG’s first flexible OLED phone due before the year is out

LG plans to launch a flexible OLED smartphone before the end of the year, the company’s VP of mobile has confirmed, though it’s unclear to what extent the work-in-progress handset will actually flex. The OLED panel in question is the handiwork of LG Display according to VP of LG mobile Yoon Bu-hyun, the WSJ  reports, with the proposed device set to launch sometime in Q4. LG Display’s work on flexible OLEDs has been underway for some time, though the company’s efforts have perhaps been overshadowed somewhat by rival Samsung’s YOUM development. Last year, according to a Korea Times report, LG Display was preparing for

Syrian Electronic Army claims credit for CBS Twitter accounts hack

Yesterday, several of CBS ’s Twitter accounts were hacked, including its main account, and its accounts for 60 Minutes, 48 Hours, and CBS Denver. The hackers got into the account and tweeted a series of things relating to President Obama and the United States being in cahoots with Al-Qaeda . The tweets also had links that led users to malware-infested sites. While CBS was able to regain access to its accounts, it was unable to figure out who was behind the attacks, until now. The Syrian Electronic Army , the same group that hacked 3 of the BBC’s Twitter accounts, claimed

Can Technology Do a Better Job of Finding Bombs?

 With the horrifying images of the Boston Marathon bombing still much too fresh in our minds, and with citywide marathons coming up this weekend in London, Hamburg, and Salt Lake City , law enforcement officers and citizens everywhere are asking how to prevent the tragedy from being repeated. As Columbia University School of International and Public Affairs adjunct professor Abraham Wagner observed last year, on the 11th anniversary of 9/11, there’s “no magic bullet o