Apple ID Vulnerability Exposes CryptoWallets To Theft

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: lovesmayfamilis on May 21, 2023, 09:49:02 AM

"Some countries have country or region restrictions on app downloads in the App Store", so users are sometimes forced to buy other people's Apple IDs.

Quote from: lovesmayfamilis on May 21, 2023, 09:49:02 AM

https://catcoin.com/news/apple-id-vulnerability-exposes-cryptocurrency-wallets-to-theft/

This news source is really misleading. I wouldn't call security hole due to buying Apple ID as vulnerability. In addition, there are many other ways to bypass county restriction such as using VPN or creating new Apple ID on fresh browser/device while enabling VPN.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

This is probably not possible if you have 2FA enabled on the Apple ID (the modern 2FA, not the legacy "secret questions-based" 2FA, which is still vulnerable to this hack), because all the Apple devices connected to the Apple ID will show the location of the device trying to sign in and display a modal reading "Is this you?" allowing you to allow or deny the login accordingly. Theoretically after enough denials, Apple will just block all sign-ins with your ID from that location.

Obari

sr. member

Activity: 602

Merit: 442

I buy all valid country Gift cards swiftly.

This is insane and time without numbers I've always told and preached about security so hard even in my local community and I've had in mind that thses scammers and internet criminals are really advancing and aren't taking no chances in try to steal from vulnerable individuals.

I don't know why people want to skip kyc and if an application is been restricted in your location, it's a esr sign that you don't need it and there are other ways that one cab go about this rather than buying someone else's icloud and if the restrictions was just for Apple, why not try Android, maybe that could help.
Just my opinion.

KingsDen

legendary

Activity: 1288

Merit: 1081

Goodnight, o_e_l_e_o 🌹

Quote from: joniboini on May 21, 2023, 09:56:06 AM

I mean, buying Apple ID is kinda stupid in the first place. It was designed to allow easy backup if I'm not wrong, so personal data (where wallets or other apps store their data) will definitely get exposed, which is why using a password to encrypt the data should be mandatory even if you don't buy it from random strangers.

I also think so.
I do not see the needs for anyone to buy Apple ID if not what I have read here that there are alot of difficulties in creating new IDs. Years ago when I was on apple, it wasn't difficult to create, those are the years of iPhone 4. With the evolution of iPhone, it ought to be easier to create new IDs.
Could it be that people are avoiding signing in with credit cards or what, could it be because of criminals or what new features has Apple.
Well, I do not know much since I have fallen in love with Android (Samsung) over a decade now.
Then key phrases shouldn't he stored in the cloud or phone.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: lovesmayfamilis on May 21, 2023, 09:49:02 AM

Recent news again warns that if you have a crypto wallet installed on your phone, and the Apple ID is not yours, but you bought it, then you need to transfer your funds from the iPhone, in order to avoid theft.

I don't think this should be called Apple ID Vulnerability, and that is coming from someone who is not a fan of Apple products at all (read - me).
It's stupid to buy different ID account from someone else just because you want to install some app, I think using a VPN would be much better alternative.

348Judah

hero member

Activity: 714

Merit: 521

Quote from: lovesmayfamilis on May 21, 2023, 09:49:02 AM

Recent news again warns that if you have a crypto wallet installed on your phone, and the Apple ID is not yours, but you bought it, then you need to transfer your funds from the iPhone, in order to avoid theft.
"Some countries have country or region restrictions on app downloads in the App Store", so users are sometimes forced to buy other people's Apple IDs.

We only blame those that attacks us but we have to also blame ourselves to falling their traps, as long as they exist doesn't mean we fan stop them from unleasing evils deeds but we can only shield ourselves from being a partaker of this kind of attack unknowingly to many, it has happened on several cases whereby soe users will ust complain they have a lost in their entire asset due to an unexplanable form of attack, thanks for sharing this information, atleast some next to be a victim could evade such attack by coming across this important information and act upon it.

Quote from: lovesmayfamilis on May 21, 2023, 09:49:02 AM

Quote

A recent research study conducted by the security agency DilationEffect has raised concerns about the potential risk of cryptocurrency theft associated with buying someone’s Apple ID. The findings suggest that individuals who gain unauthorized access to an Apple ID could exploit the recovered data to steal cryptocurrency assets from the victim’s wallet.

https://twitter.com/WuBlockchain/status/1659388868561625090

Quote

The study highlights the existence of sophisticated criminal networks involved in these illegal activities, with the data on the blockchain indicating that the stolen coins have surpassed a staggering $10 million. The research brings to light a new dimension of vulnerability for cryptocurrency holders, as their digital assets could be compromised through a seemingly unrelated account, such as an Apple ID. The theft is made possible by recovering data associated with the victim’s cryptocurrency wallet from the compromised Apple ID. With this information in hand, criminals can gain access to the victim’s wallet and siphon off their funds.

Buying someones account, id, or any other thing belonging to the user is a higher way of showing being inexperience ad unexposed, why can someone buy another's person account or id it he's truly at the right state of mind, even if its coming in tree such should be avoided when you can create your own, why the laziness? well, i think lack of information aleo contributed to this because some never know they could be attacked in their nasty acceptance to using someone else's account for themselves.

Coyster

legendary

Activity: 2184

Merit: 1302

Apart from the possibility of losing your funds if you buy/sell your Apple ID, it is also dangerous in diverse other ways. Apple ID is an Apple users identity, thus using someone else's ID is like using their identity, and selling your personal Apple ID is like giving your identity over to someone else, it could definitely land someone in trouble. The person might get enough data/info about your for identity theft, thus you might get yourself arrested for a crime you didn't commit, but was committed with your info.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Correct me if I'm wrong — but isn't this obvious, and calling it a 'vulnerability' is like.. duh? Of course getting access to someone else's cloud data(in which some wallet backups are stored in) could potentially cause a person to get access to the Apple ID owner's data(and wallet backup).

tech30338

full member

Activity: 728

Merit: 151

Defend Bitcoin and its PoW: bitcoincleanup.com

Quote from: lovesmayfamilis on May 21, 2023, 09:49:02 AM

Recent news again warns that if you have a crypto wallet installed on your phone, and the Apple ID is not yours, but you bought it, then you need to transfer your funds from the iPhone, in order to avoid theft.
"Some countries have country or region restrictions on app downloads in the App Store", so users are sometimes forced to buy other people's Apple IDs.

Quote

A recent research study conducted by the security agency DilationEffect has raised concerns about the potential risk of cryptocurrency theft associated with buying someone’s Apple ID. The findings suggest that individuals who gain unauthorized access to an Apple ID could exploit the recovered data to steal cryptocurrency assets from the victim’s wallet.

https://twitter.com/WuBlockchain/status/1659388868561625090

Quote

The study highlights the existence of sophisticated criminal networks involved in these illegal activities, with the data on the blockchain indicating that the stolen coins have surpassed a staggering $10 million. The research brings to light a new dimension of vulnerability for cryptocurrency holders, as their digital assets could be compromised through a seemingly unrelated account, such as an Apple ID. The theft is made possible by recovering data associated with the victim’s cryptocurrency wallet from the compromised Apple ID. With this information in hand, criminals can gain access to the victim’s wallet and siphon off their funds.

The security agency’s findings underscore the growing sophistication of criminal gangs involved in cryptocurrency theft. These groups have developed mature operations, targeting unsuspecting individuals and exploiting any available vulnerabilities. The stolen funds, exceeding $10 million, demonstrate the substantial financial impact of such criminal activities.

The research has prompted a renewed focus on enhancing security measures for both cryptocurrency assets and personal accounts. It serves as a reminder for individuals to maintain robust security practices, including using strong and unique passwords, enabling two-factor authentication, and regularly updating security settings

https://catcoin.com/news/apple-id-vulnerability-exposes-cryptocurrency-wallets-to-theft/

I did not find a similar topic, if a similar topic has been created, I will immediately close the topic

Why would someone buy an apple id , if you can create your own apple ID, i wont recommend that to anyone in the first place,
this is why lots of people are getting hacks or loosing their funds , and then they will cry in social media saying they have done nothing
and blame it to the company that their security is poorly setup , when in the first place they really know what is happening.

Husna QA

legendary

Activity: 2296

Merit: 2892

#SWGT CERTIK Audited

Suppose the user owning the Apple ID being sold applies 2FA to the Account security settings. In that case, other users who want to access the Apple ID certainly require verification from different devices that have been registered there.

But when someone deliberately makes an Apple ID without 2FA and sells it, I think the person who bought it is stupid. Because, after all the information he uses with the Apple ID, it is also very likely that the seller still keeps a copy to enter into the account he sells.

How is it different from buying, for example, a wallet.dat file from someone else who admits that the password is lost, so he can't open the wallet?

Quote from: Sokolik4 on October 30, 2018, 03:35:18 PM

Saya akan menjual 4 wallet.dat yang berbeda dari Bitcoin Core dengan kata sandi yang hilang. -snip-

Translation: I will sell four different wallet.dat from Bitcoin Core with lost passwords. -snip-

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

Agree with this news because my friend asks me to help him create an Apple ID but is not easy to create an account on Apple before because it asks for I think debit/credit card if I remember correctly unlike years ago when steve jobs still alive you can easily make Apple ID without them.

However, instead of creating a new account, I give him my own account since I switch to Android due to more supported games/apps but I notice he can able to recover old data from my previous iPhone like contacts and data of some apps. Luckily I don't use it for Bitcoin because all my wallet before is on my old Laptop.

I can still see that there still many Apple users can't able to make Apple IDs which is why many phone technicians are selling Apple accounts or iCloud.

_act_

legendary

Activity: 1064

Merit: 1298

Lightning network is good with small amount of BTC

Quote from: joniboini on May 21, 2023, 09:56:06 AM

I mean, buying Apple ID is kinda stupid in the first place. It was designed to allow easy backup if I'm not wrong, so personal data (where wallets or other apps store their data) will definitely get exposed, which is why using a password to encrypt the data should be mandatory even if you don't buy it from random strangers. Btw, this is my first time hearing about people buying IDs to download an app instead of looking for an IPA or using other apps to save time and trouble. Didn't expect people to be that daring.

Information like seed phrase should not be stored online like on iCloud or Google Cloud. But without iCloud or Google Clouds, those OS manufacturers make many other vulnerabilities possible. Apple ID is a personal account that can access Apple Store, Online Stores related to Apple, iMassage and many other things including iCloud on your Apple devices. With this, it is saying that Apple ID is connected to Apple users apps and crypto wallet apps are included. I do not know Apple users can be easily hacked this way. We should know that any thing you are doing on Apple products is not safe as you have the Apple ID.

tranthidung

legendary

Activity: 2310

Merit: 4085

Farewell o_e_l_e_o

Quote from: joniboini on May 21, 2023, 09:56:06 AM

I mean, buying Apple ID is kinda stupid in the first place. It was designed to allow easy backup if I'm not wrong, so personal data (where wallets or other apps store their data) will definitely get exposed, which is why using a password to encrypt the data should be mandatory even if you don't buy it from random strangers. Btw, this is my first time hearing about people buying IDs to download an app instead of looking for an IPA or using other apps to save time and trouble. Didn't expect people to be that daring.

Recall that why the guy behind ChipMixer was caught with some activities and one of them is his selfies on Apple devices.

I hope that news on security on Apple ID will force more people to avoid storing their cryptocurrency on mobile devices, not only on Apple devices. Mobile devices should be considered as one of their hot wallets and should never be used to store all or majority of their cryptocurrency.

joniboini

legendary

Activity: 2170

Merit: 1789

I mean, buying Apple ID is kinda stupid in the first place. It was designed to allow easy backup if I'm not wrong, so personal data (where wallets or other apps store their data) will definitely get exposed, which is why using a password to encrypt the data should be mandatory even if you don't buy it from random strangers. Btw, this is my first time hearing about people buying IDs to download an app instead of looking for an IPA or using other apps to save time and trouble. Didn't expect people to be that daring.

lovesmayfamilis

legendary

Activity: 2072

Merit: 4265

✿♥‿♥✿

Recent news again warns that if you have a crypto wallet installed on your phone, and the Apple ID is not yours, but you bought it, then you need to transfer your funds from the iPhone, in order to avoid theft.
"Some countries have country or region restrictions on app downloads in the App Store", so users are sometimes forced to buy other people's Apple IDs.

Quote

A recent research study conducted by the security agency DilationEffect has raised concerns about the potential risk of cryptocurrency theft associated with buying someone’s Apple ID. The findings suggest that individuals who gain unauthorized access to an Apple ID could exploit the recovered data to steal cryptocurrency assets from the victim’s wallet.

https://twitter.com/WuBlockchain/status/1659388868561625090

Quote

The study highlights the existence of sophisticated criminal networks involved in these illegal activities, with the data on the blockchain indicating that the stolen coins have surpassed a staggering $10 million. The research brings to light a new dimension of vulnerability for cryptocurrency holders, as their digital assets could be compromised through a seemingly unrelated account, such as an Apple ID. The theft is made possible by recovering data associated with the victim’s cryptocurrency wallet from the compromised Apple ID. With this information in hand, criminals can gain access to the victim’s wallet and siphon off their funds.

The security agency’s findings underscore the growing sophistication of criminal gangs involved in cryptocurrency theft. These groups have developed mature operations, targeting unsuspecting individuals and exploiting any available vulnerabilities. The stolen funds, exceeding $10 million, demonstrate the substantial financial impact of such criminal activities.

The research has prompted a renewed focus on enhancing security measures for both cryptocurrency assets and personal accounts. It serves as a reminder for individuals to maintain robust security practices, including using strong and unique passwords, enabling two-factor authentication, and regularly updating security settings

https://catcoin.com/news/apple-id-vulnerability-exposes-cryptocurrency-wallets-to-theft/

I did not find a similar topic, if a similar topic has been created, I will immediately close the topic

Topic: Apple ID Vulnerability Exposes CryptoWallets To Theft (Read 181 times)