All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com

As an Amazon Associate I earn from qualifying purchases @AMAZON

Consult with Lloyd: cameras, computers, backup, etc...
Lloyd’s Patreon
Designed for the most demanding needs of photographers and videographers.
Connect and charge all of your devices through a single Thunderbolt or USB-C port.
Highly Recommended!
External SSD wish listDeals on OWC
$220 SAVE $130 = 37.0% Western Digital 16.0TB Western Digital Ultrastar DC HC550 3.5-in… in Storage: Hard Drives
$680 OWC 2.0TB OWC Atlas Ultra CFexpress 4.0 Type B Memory Card in All Other Categories
$580 OWC 4.0TB OWC Envoy Pro Elektron USB-C Portable NVMe SSD in All Other Categories
$630 OWC 4.0TB OWC Express 1M2 USB4 (40Gb/s) Bus-Powered Portable NVM… in All Other Categories
$2380 OWC 72.0TB OWC ThunderBay 4 Four-Drive Thunderbolt External Stor… in All Other Categories
Newly In Stock: SEE ALL...
Sony Mirrorless wish listDeals on Sony
$2997 Nikon Z7 II Mirrorless Camera OUT OF STOCK in Cameras: Mirrorless
$2297 Nikon D780 DSLR OUT OF STOCK in Cameras: DSLR
$2997 Nikon D850 DSLR OUT OF STOCK in Cameras: DSLR
$720 ZEISS 32mm f/1.8 Touit Lens for FUJIFILM X OUT OF STOCK in Lenses: Mirrorless
$497 Pentax 70mm f/2.4 HD Pentax DA Limited IN STOCK in Lenses: DSLR

WSJ: A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life

2023-02-25 • SEND FEEDBACK |
Related: Apple, Apple iOS, Apple iPhone and iPad, cyber social engineering, iOS, passphrase, security, The Wall Street Journal

re: cyber social engineering.

It’s not just about having your phone stolen; a phone can be replaced.

It’s about your bank account(s) being drained and your entire digital presence stolen/destroyed.

Worse, Apple’s recovery key feature can deprive you of access to iCould permanently—you lose everything on iCloud, forever.

Local backups (at home and/or office) not connected to a computer are critical. I keep trying to explain this to my kids and they just don’t get it—I hope my readers do.

See also: Apple iOS: Major Security Hazard if Passcode Compromised?

WSJ: A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life

2023-02-24

Security hazard on iOS: auto-filll passwords

The passcode that unlocks your phone can give thieves access to your money and data; ‘it’s like a treasure box’

NEW YORK—In the early hours of Thanksgiving weekend, Reyhan Ayas was leaving a bar in Midtown Manhattan when a man she had just met snatched her iPhone 13 Pro Max.

Within a few minutes, the 31-year-old, a senior economist at a workforce intelligence startup, could no longer get into her Apple account and all the stuff attached to it, including photos, contacts and notes. Over the next 24 hours, she said, about $10,000 vanished from her bank account.

Similar stories are piling up in police stations around the country. Using a remarkably low-tech trick, thieves watch iPhone owners tap their passcodes, then steal their targets’ phones—and their digital lives.

[Read our guide with tips to protect your iPhone data from thieves.]

Security hazard on iOS: cash, cards

The thieves are exploiting a simple vulnerability in the software design of over one billion iPhones active globally. It centers on the passcode, the short string of numbers that grants access to a device; and passwords, generally longer alphanumeric combinations that serve as the logins for different accounts. 

With only the iPhone and its passcode, an interloper can within seconds change the password associated with the iPhone owner’s Apple ID. This would lock the victim out of their account, which includes anything stored in iCloud. The thief can also often loot the phone’s financial apps since the passcode can unlock access to all the device’s stored passwords.

MPG: a simple passcode that unlocks everything and allows changing everything irreversibly is unbelievably bad security.

I give Apple an 'F' on real-world security because Apple fails to address the physical risks involved, relying entirely on the (false) premise that passcode security is all you need.

See Apple iOS: Major Security Flaw is Just Unbelievable, Apple Ought to Have Full Civil Liability.

WSJ: How to Protect Your iPhone Data From Thieves

2023-02-24

What You Should Do

  • Cover your screen in public...
  • Strengthen your passcode...
  • Enable additional protection for other apps...
  • Use a third-party password manager.... [MPG: better than using built-in features, but still a severe risk due to the thread of violence]
  • Delete scans of sensitive information...
  • If your iPhone is stolen, act quickly... [MPG: good luck! thieves know this too]

What Apple could do

  • Let people add extra Apple ID password protection...
  • Password-protect the iCloud Keychain...
  • Protect account recovery from hijackers...

“The most important thing is awareness,” says Sgt. Robert Illetschko, the lead investigator on such iPhone theft cases in Minneapolis. “People forget that what they’re holding in their hand is their entire life.” He adds, “If someone has access to it, they can do a lot of damage.”

MPG: losing your phone should not mean losing your digital life, and Apple is remiss in making it so easy for thieves to exploit you.

Recommendation: whenever feasible, use 2-Factor Authentication such as a separate hardware key for all financial/sensitive accounts. It’s a small device that fits onto a keychain with a code that changes every 30 seconds or so.

View all handpicked deals...

Seagate 22TB IronWolf Pro 7200 rpm SATA III 3.5" Internal NAS HDD (CMR)
$500 $400
SAVE $100

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | X.com/diglloyd
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__