
iPhones, Armed Robbery, and Hacking (2018) - jor-el
https://manybutfinite.com/post/iphones-armed-robbery-hacking/
======
jor-el
For me the main takeaway from the article is that the robbers have become
sophisticated enough to perform phishing attacks to get iCloud credentials.

Also, the author says using Authy is a good alternative as it provides
encrypted backup, but account authentication is via OTP to the registered
phone number, so it brings us back to the same problem. Are there other
alternatives to this?

~~~
lotsofpulp
I don’t see how it’s sophisticated. Seems like an obvious method to get access
to someone’s login info, and simply enabling 2FA (non-SMS preferably) and
disabling mobile service would have been the common-sense protocol to prevent
all of this.

SMS 2FA is always weaker than TOTP, as are Touch ID and Face ID. But you pay for
convenience. And sometimes users aren’t given the option for TOTP, which is
ridiculous in this day and age.

------
m463
Putting the SIM in another phone is a nasty trick. Seems to get around 2FA.

If what 2FA is protecting is more important than your phone, I think a SIM PIN
is a good idea.

~~~
Nextgrid
The problem with a SIM PIN is that the phone can no longer get data service if
rebooted unless the PIN is provided, so Find My iPhone stops working. I once
lost a phone like that.

~~~
wink
As someone who never owned an iPhone and hasn't used a SIM without a PIN ever
(18 years now?), this is quite an interesting angle I'd never thought of.

