Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Whatever it was, changing the Apple ID password changes something on Apple's servers, and if they have the old state they can change it back.

The only two obstacles I see is if

1. Apple deletes info from their server on password reset 2. The phone was on, and already received the message not to try to sync anymore because of the password change

Both seem unlikely but possible.



You missed the entire point of my post. If I was designing a protocol I intended to be secure, I would add code that would fail if the password was changed and then changed back. I'm not saying Apple did this, but it's entirely possible they did.


How would the phone know that the password was changed if it was off the whole time?

Either 1 or 2 must be true for my proposal to fail.


It hasn't been off, that's been established already.


Where?




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: