March 27, 2024 at 06:17PM
A targeted multi-factor authentication bombing campaign is hitting Apple device owners, bombarding them with password reset requests. It aims to wear users down until they accidentally approve a password reset, and it includes sophisticated follow-up tactics such as spoofed support calls. Users are advised to be cautious and vigilant in responding to unexpected alerts and communications purporting to be from Apple.
According to the report, Apple device owners are facing a targeted multi-factor authentication bombing campaign that aims to exhaust users into inadvertently approving a password reset. It was first reported by AI entrepreneur Parth Patel and confirmed by security blogger Brian Krebs. The attackers target specific individuals, flooding them with system-level password reset prompts so that users must dismiss dozens of notifications before they can use their Apple devices.
The attack is similar to other multi-factor fatigue attacks seen in the past, which aim to exhaust users into mistakenly allowing someone to change their password. In this case, the attackers went beyond spamming victims. After clearing the notifications, Patel was called by someone impersonating Apple support and asked to provide personal information and a one-time reset code. The caller was able to verify much of Patel’s personal information, which raised suspicion as Patel recognized that the data came from an information firm, PeopleDataLabs.
It is suggested that a rate-limiting flaw in Apple’s iForgot system may be allowing attackers to bombard users with repeated reset requests. Although Apple has not addressed this issue directly, it has published guidance on recognizing and handling scams and phishing attempts targeting its users. The report closes with that advice from Apple: if users receive an unsolicited or suspicious phone call from someone claiming to be from Apple or Apple Support, they should hang up. Users are also advised to be careful when tapping alerts and to verify the authenticity of any call claiming to come from Apple support.
In summary, the report details the ongoing multi-factor authentication bombing campaign affecting Apple device owners, the tactics used by the attackers, and recommendations for safeguarding against the resulting scams.
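A defensive sketch of the per-account rate limiting whose absence the report suspects, written as an added example that is not Apple's code or the article's: a sliding-window limiter caps reset prompts per account and flags accounts that keep tripping the cap, so a bombing attempt is surfaced to reviewers instead of buried in the victim's notifications. The thresholds, account names and event timestamps are constructed assumptions.

```python
"""Sliding-window rate limiting and burst detection for password-reset prompts.

Added example (not Apple's code). Assumed policy: at most MAX_RESETS reset
prompts per account per WINDOW_SECONDS; an account that keeps being rejected
is flagged for review instead of the user being buried in notifications.
"""
from collections import defaultdict, deque

MAX_RESETS = 3          # assumed policy: prompts allowed per account per window
WINDOW_SECONDS = 3600   # assumed policy: one-hour sliding window
ALERT_REJECTS = 5       # assumed policy: rejections before the account is flagged


class ResetRateLimiter:
    def __init__(self, max_resets=MAX_RESETS, window=WINDOW_SECONDS):
        self.max_resets = max_resets
        self.window = window
        self._sent = defaultdict(deque)    # account -> timestamps of prompts sent
        self.rejected = defaultdict(int)   # account -> requests dropped by the limit

    def allow(self, account, now):
        """True if a reset prompt may be sent to `account` at time `now` (seconds)."""
        sent = self._sent[account]
        while sent and now - sent[0] >= self.window:   # age out old prompts
            sent.popleft()
        if len(sent) < self.max_resets:
            sent.append(now)
            return True
        self.rejected[account] += 1
        return False

    def flagged(self, threshold=ALERT_REJECTS):
        """Accounts whose rejected-request count looks like a bombing attempt."""
        return sorted(a for a, n in self.rejected.items() if n >= threshold)


# Constructed sample events (timestamp_seconds, account): one account hit with
# a reset request every 10 seconds for two minutes, one account used normally.
SAMPLE_EVENTS = [(t, "victim@example.com") for t in range(0, 120, 10)]
SAMPLE_EVENTS += [(30, "other@example.com"), (5000, "other@example.com")]


def replay(events, limiter=None):
    """Feed events through the limiter; return (limiter, prompts sent per account)."""
    limiter = limiter or ResetRateLimiter()
    sent = defaultdict(int)
    for ts, account in sorted(events):
        if limiter.allow(account, ts):
            sent[account] += 1
    return limiter, dict(sent)
```

On the constructed events the victim account receives only 3 prompts instead of 12 and is the only account flagged, while the normally used account is untouched.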