Hacker News new | past | comments | ask | show | jobs | submit login

Shit. I am running the iOS 7 beta with automatic app updates, and I already have the new app.

I am considering wiping my phone and restoring it from a previous backup with the old copy of the app.

Edit: I was still logged in from my browser, and was able to activate the new version without entering a code from the deceased version of the app.

From this, it seems theft of your cookies could let an attacker completely take over your account and two-factor device if they know your account password and you have chosen to trust the victim computer.

If you have a password on your backups, the codes are in your backed-up keychain. (Google Authenticator doesn't mark its keychain entries as "keep on device".) You'll need to patch iphone-dataprotection to handle a the iOS7 keychain format (I added a patch to the bug tracking database.)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact