FU Apple! Guess what? Apple Stores you PassCode. How do I know? Because if you forget your Apple PassCODE for your iPhone and iPad, and you forget your AppleID PassWORD, it is possible to recover your account and all your iCloud information, if you have patience. It requires an iPhone, in this case with your old phone number enabled, SIM card not important. I went with the iPhone 12 Pro Max. And you will need, at least temporarily, a new AppleID. At least if you want to use your new device in the meantime. Once you tell Apple you want to recover your AppleID password and you are in their automated system you can expect a call back in about 2 weeks. That's where patience comes in. And it worked. Two weeks later, down to the hour and minute, Apple called. The automated system told me I could now log in and reset my password to my old AppleID account. This is how I did it...but that's not how I know they store your Passcode. That comes a bit later...
On June 4th, at 7:36 am, the new phone rang. It was an automated voice from Apple telling me I could now recover my AppleID. The first thing I did was log into my iCloud on my computer with the old AppleID and reset the password. It worked. It required a call back from Apple with a confirmation code. The second thing I did was log out of the new AppleID that I had set up on a new iPad. And then, when relogging into the iPad with my old AppleID (which required a call back from Apple with a new confirmation code) I discovered something that shouldn’t have happened. It was prompted for a Passcode. What PassCODE? I hadn’t set up a Passcode for that iPad with the old AppleID. Only for the old iPhone that was forgotten. What Passcode was it asking me for? Luckily there was a bypass but it told me I would lose any data that had been end to end encrypted. When I logged into the iPad with the old AppleID I then was able to check to ensure all the pictures, contacts, and iTunes were intact. It looked like there was a lot of data there...I didn’t really look to see when the last backup had occurred. There were very old pictures and it looked like some new ones. I also recognized the music and full contact list.
Then it was time to log out of the new AppleID on the new iPhone 12 Max and log back in with the recovered old one. The moment of truth had arrived. Same thing happened after logging out, logging on, and then receiving a phone call from Apple with a confirmation code to complete the 2-factor authentication. It prompted me for a Passcode. OK...here is what’s weird. I have no idea if this is true or not. If it was prompting me for a Passcode, and that Passcode could only be the Passcode that existed on the old IPhone, the one that was forgotten. That Passcode clearly didn’t only reside on the old iPhone. That phone is a brick and turned off. It was on an Apple server someplace. All this talk about an encrypted iPhone that Apple has given the press, the world, the public, and law enforcement has to be a bunch of happy horseshit. For the new iPad and the new iPhone to be prompting me for that old Passcode means it was extracted from the old iPhone and existed on their servers associated with the old AppleID profile someplace in the cloud. Apple knew that Passcode. They would have to...otherwise what I just witnessed, twice, would not be possible.
It bothered me so much I had to research WTF was going on. So I found an article that explains it. “Why Does Apple Ask for Your Password or Passcode with a New Login (and Why it is Safe)?” Well, if you read this article the writer came to the same conclusion, although it’s not definitive because Apple doesn’t publish what’s actually going on. The conclusion is that Apple does indeed store the Passcode from your devices. However, the Passcode is only ever stored on Apple servers encrypted. Thus, they don’t really know it. OK, so this is the biggest bunch of bullshit I have ever encountered. Not so much because there is anything they can really do with an encrypted Passcode with out work...but because they could. If they give it to you, you still can’t use it in it’s encrypted state. You can’t enter it, for example, you still don’t know it, and neither do they. But in it’s encrypted state, it is definitely discoverable. Thus, if working with law enforcement, for example, when trying to catch a terrorist, Apple were to surrender the Passcode in it's encrypted form, it would be far easier for researchers to figure it out if they have the original, stored, hashed value...because they know exactly how it's encrypted...Apple surely does. As opposed to working with the iPhone itself, trying to extract the encrypted Passcode, and then breaking it. Apple wouldn't have to break it...only run their algorithm until they discovered it...
Oh, one more thing. If you have "Find my phone" enabled and it is associated with your AppleID...if you don't have your Passcode, you are never getting back onto your old phone. Since you will be prompted for the Passcode, even after a hard factory reset. Which, also means, the Passcode is coming in externally. And for which, Apple does not allow you to by-pass. In theory, you would then have all the encrypted data...if you had access to that iPhone. FU Apple. I like my Android just fine. So, don't lose you Passcode, don't forget your AppleID, don't enable "Find my Phone". Or just go with Android.
Here is the article I reference.
https://tidbits.com/2019/09/26/why-apple-asks-for-your-passcode-or-password-with-a-new-login-and-why-its-safe/
No comments:
Post a Comment