
I think "the fappening", xghost and NSO have already clearly demonstrated that mobile security is just PR.



According to Wikipedia "the fappening" was a phishing attack. I don't think that is a mobile specific problem.


That is not correct.

It was actually a distributed campaign with multiple hackers with different methods but the main leaks were due to the following problems:

1. Bug in some Apple services allowed unlimited login attempts

2. Bug in Apple backup restoration function allowed bypassing multi-factor authentication (or was it confirmation email?)

This is all from memory, I might be wrong about the details. Anyway, that Apple initially blamed this on weak passwords and now phishing clearly demonstrates what kind of PR circus this field is.

Just think about this: when Apple closed these holes (silently), attacks had been going on for 1-2 years. Towards the end there were fairly cheap and reliable hack-my-exs-iphone services on the darknet.


According to the link below it clearly was phishing

https://en.wikipedia.org/wiki/2014_celebrity_nude_photo_leak...


From your own link:

" ... such as phishing and brute-force attack guessing ..."

Just take a moment to think about the brute force attack and whether that should have worked at this scale in a properly secure environment.


They caught the people responsible, and convicted them, as the Wikipedia page describes in detail at the end. The actual perpetrators acknowledged they'd sent phishing emails to gain access.

Whether or not there was brute force rate limiting available at the time (which seems unclear), that's not related to the specific events you brought up.


Security has always been like this. If you’ve ever tried to hop a fence or bypass a system, you know that it’s heavily stacked against the defense.

Defense needs to patch every hole. Offense just needs to find one hole. That doesn’t mean that it isn’t worth trying to defend, it just means that you need to be realistic.



