davidw

About

Username: davidw
Joined: October 2007
Visits: 187
Last Active: July 31
Roles: member
Points: 4,773
Badges: 1
Posts: 2,205

Reactions

2.4KLike49Dislike470Informative

U.S. antitrust officials ask to be heard in Epic vs. Apple appeal

davidw

September 2022

gatorguy said:

Kuyangkoh said:

Did Epic sue Google too? Why not Epic

In the time it took for you to type out that post you could have done a 10-second search and discovered...
Yes Epic also sued Google.

But Epic lawsuit against Google is now for different anti-competitive reasons. At first Epic also sued Google for being anti-competitive with regards to being monopolistic with their Play Store, when Fortnight was ejected from the Play Store for policy violations. Epic initial claim was that since Google Play Store control over 90% of the app downloads, it was essentially a "monopoly". But they amended the lawsuit, probably because it's tough to prove a monopoly, when Epic once took advantage of side loading Fortnight on Android. Thus avoiding the Play Store and Google's commission. Unlike the Apple App Store, there was no reason (except to make more profit) why Epic had to have Fortnight in the Play Store.

They are now suing Google for anti-completive behavior by claiming that Google stood in their way when they wanted to make Fortnight available in the Samsung Galaxy Store, on Samsung Android phones. This amended lawsuit was meant to support 3 dozen States investigating Google for anti-completive behavior, claiming that Google used anti-competivie tactics to keep other apps stores from opening on Android phones. Investigations I'm sure that was brought about by the lobbying effort of the Coalition of App Fairness.

https://www.androidheadlines.com/2021/07/epic-claims-google-tried-blocking-samsungs-galaxy-store-files-amended-lawsuit.html
Apple won't call to ask you to tell them a code you get on your iPhone

davidw

September 2022

appleinsideruser said:

macgui said:

appleinsideruser said:

As @Davidw says, this guy’s story has holes in it.

That's not what Davidw said. He said it's not a phishing scam. He didn't say if it was a hoax, YT stunt, or a very sophisticated attack. But it's clear this wasn't a typical phasing scam. Maybe David could elaborate.

Yes, the holes were in the description of some of the sequences of events. e.g. if you've just changed your password, you can't get 2FA requests.

The issue with spoofing is intrinsic in the insecure SS7 signalling protocol — developed when there were just a few trusted global telcos; these days its a free-for-all.

I think the problem is that the person claiming to be part of a "phishing" attempt is just doing a very poor job of describing what actually happened during the scam attempt, for a "tech personality".

There are two main scams involving Apple ID and receiving verification codes for a password reset.

The first one is with email. The scammer uses an email address as an Apple ID and go to the Apple "forgot password" website and request a reset. Apple will send a real verification code to the phone number listed for that account. The scammers do not have access to this phone number. But they will follow up with an official looking email from Apple to the account holders about attempts to reset their passwords and they must immediately change their password. And there's a link to an official looking Apple site where one can enter their log in name, original password and new password. The fact that Apple sent a real message with a verification code for a password reset to the account holders phone, makes the email seem more real.

The second involve a phone. A scammer will send text messages of a fake (but looks like its officially from Apple) verification codes for a password reset, to anyone and everyone. Then they will follow up with a phone call spoofing Apple Support. The scammer have no idea whether the people receiving the fake text messages even have an Apple ID. But they are hoping that those that do, might mistaken the fake text messages for real ones from Apple and think they are actually receiving a call from Apple Support. Then "Apple Support" will suggest that they change their password immediately and help walk them through the steps. Along the way, they get hold of the account login name, password and the verification code sent to their phones, to change the password. Once the scammer change the password, the account holder is helpless long enough for the scammer to drain any accounts tied to that Apple ID.

None of these involve the scammers knowing beforehand, the passwords or verified phone numbers to any of the Apple ID accounts. The phone scam don't even have to know the login name for an Apple ID account.

What I think happened is that this "tech personality" in the article, received text messages with fake verification codes for a password reset. But he thought they were real 2FA codes from Apple pertaining to attempts to log in to his account on an unknown device. (in which case some one unknown to him, must know his account login and password.) And if the caller (scammer) asked him to read out the verification code on the phone (which finally raised the red flag for him), he must had fell for the Apple Support spoof long enough to help the scammer to go through the password reset process for him, to the point of Apple sending a real verification code to his phone. Otherwise he would not have known about the part where the scammer would need for him to read the new verification code Apple sent to his phone. The earlier fake ones are useless to the scammers.
Apple won't call to ask you to tell them a code you get on your iPhone

davidw

September 2022

That was not a "phishing" scam. With most, if not all, the phishing scammers do not know the log-in and the password to an account and is trying to get both. But with this one, not only did the scammer know the log-in to the account, but the phone number to where Apple sent the two-factor authentication code, when trying to log-in from an unknown device. And in order to get Apple to send the code, the scammer must have known the password. With two-factor authentication, one must enter the correct password, before Apple will send a code to a trusted device, for log in verification. Without entering the correct password to the account, Apple might only send a warning of the attempts to log in. Apple send the code to verify that's it's you, that is logging in from an unknown device. This scammer was trying to hack into this guy account and already knew his log-in, password and verified phone number to the account. Not "phishing" for accounts to hack into by getting people they randomly call, to reveal their log-in and password.

Plus, if his guy changed his password as soon as he received the first set of two-factor authentication codes, then there's no way for the scammer to get Apple to send another code, without knowing the new password. Plus the code times out. And how did the scammer know the password to the account was reset, without knowing the login and original password?

If you use "forgot password", then with two-factor authentication, Apple tells you to use one of your other trusted device to change the password to your Apple ID. It does not involve sending a code where the password can be changed on the device one is trying to log in from. Or answer the security questions from that device. And then you would still need to get a code to log in with a new password, if it's not a trusted device. That involves more than "phishing".
Apple's CSAM detection system may not be perfect, but it is inevitable

davidw

August 2022

crowley said:

davidw said:

crowley said:

M68000 said:

exceptionhandler said:

And until Apple announces their plans for CSAM I’m sticking with iOS 14, regardless of any security patches or features.

So, hypothetically you would rather have your phone hacked and possibly personal info stolen. Got

Apple supports the last three versions of its operating systems for bug and security updates. Wouldn't be a problem for a while.

Are you sure about that?

No, but it's what Macworld say: https://www.macworld.com/article/675021/how-long-does-apple-support-iphones.html

>Apple supports the last three versions of its operating systems for bug and security updates, so if your iPhone runs iOS 13 you should be ok.<

Yeah, it's a screwy and confusing way of saying it, but when read in context with the statements above it, they are saying that Apple will still support an iOS that is even 3 version old, if it's the last version that an iPhone can run. This was in reference to earlier statements that Apple still provided updates to older iOSes, after the release of newer iOSes, because of iPhones that could not run newer iOSes. The support is mainly for the older iPhones, not the older iOSes.

>The length of support increased with the launch of the iPhone 4s in 2011. That phone was able to run operating systems all the way up to iOS 9. Apple was still supporting iOS 9 in 2019 – it issued a GPS related update on 22 July 2019.
The iPhone 5cruns iOS 10, which also received the GPS related update in July 2019.
The iPhone 5sand iPhone 6both run iOS 12, which was last updated by Apple in July 2020 – specifically the update was for devices that don’t support iOS 13, for which the oldest handset is the iPhone 6s..<

In other words, if there was an iPhone now, that runs iOS 14 but can not run iOS 15, then Apple will most likely still support iOS 14 up to at least when iOS 18 is released. But as of now, the bug and security updates for iOS 14 is iOS 15.5.1. And any iPhone from the 6s on can run iOS 15, but the 6s, SE and 7 will not run the soon to be release iOS 16. Which means that Apple will bel signing and supporting a version of iOS 15, until at least the release of iOS 19, to keep those iPhones running with an up to date iOS 15. But there will be no updates for iOS 13 or iOS14 on those iPhones. But it's possible that iOS 12 can still get an update.
Apple's CSAM detection system may not be perfect, but it is inevitable

davidw

August 2022

crowley said:

M68000 said:

exceptionhandler said:

And until Apple announces their plans for CSAM I’m sticking with iOS 14, regardless of any security patches or features.

So, hypothetically you would rather have your phone hacked and possibly personal info stolen. Got it.

Apple supports the last three versions of its operating systems for bug and security updates. Wouldn't be a problem for a while.

Are you sure about that? I think its ..... Apple supports an older iPhone with security and bug updates, with at least 3 versions of iOS, after after the iPhone is discontinued. That would be at least 5 years of support for any new iPhone. And no support after the iPhone is considered obsolete.

Today, a bug and security update for an any iPhone that is still on any version of iOS 14, would be an update to iOS 15.6.1. Apple is only signing (for iPhones) iOS 15.6.1, iOS 12.5.5, iOS 7.1.2 , iOS 6.1.6, iOS 4.1 and iOS 4.2.1. Other than iOS 15.6.1, all the other older iOS that Apple is still signing are the last versions of iOS that certain older model iPhones can support. Without Apple signing those iOS, those older models would become totally useless as one would not be able to install an iOS on them. Like the iPhone 2 is today. Apple is no longer signing any iOS that an iPhone 2 can run.

If you lose any version of iOS 14, on any iPhone today, you can only install iOS 15.5.1. (unless it can run iOS 12.5.5) Apple is no longer signing any versions of iOS 14. If you have an iPhone with iOS 14.5, there is no way to update to the last version of iOS 14 (which would be iOS 14.8) because Apple is no longer signing iOS 14.8. There will never be an iOS 14.8.1 or any other update to iOS 14.8. The security and bug update for iOS 14.8 is iOS 15.6.1, today. And by the end of the year, it'll be at least iOS 16.1.

Maybe you're thinking of OSX. I know I was still getting updates to older versions of OSX (on my Macs), for years after newer versions of OSX had already been released. And I can install any version of OSX, on any Mac that can run it. I'm not forced to install the newest version of OSX, that the Mac can still run. Apple don't have to sign OS X, for it to be installed on a Mac.