I suspect his lawyer warned him to pretend to be remorseful during the interview. It did not seem sincere. It seemed more like he was holding back a smile.
Does it actually matter? Entire system built with huge vulnerabilities and he is only one person taking advantage. And its not like he's done something like ripped off millions from people, like so many white collar criminals
Hey ppl, I'm a retired computer/IT person, Yet I still find Dale valskov so informative and straight forward. Thanks for your advise and helping the people...........Great work and love watching.
“Sound” he’s did this interview perfectly with some humor. You want him to cry mid interview? 😂 goofy ahhh indian boi being racist in the internet 😂 smugmydck
It's easy to punish a single person when they do bad. Much harder to punish governments or businesses, especially when it's a much more complicated and opaque situation. Maybe use better reasoning to how you think about people and governments.
@@Bbbbffu Nobody expected him to cry bozo. He could've simply owned up to it and empathized with the victims. But instead he chose to play the victim himself and used 'homelessness' as an excuse to downplay his actions Also I love how you projected your own internalized racism onto me by accusing me of being a racist (the irony), despite the fact that i didn't even mentioned his race/ethnicity in the first place
Wise man once said, the easiest software to hack isn't the programming, it's the user. Most hacks are not hacks but people who get phished and give up their info without thinking. Want to break into a company's system? Phish the employees or get them to download a piece of software via a malicious site which the idiots then take into work in a thumb drive and plug into their computer at work.
@@maxking3148I work in Cybersecurity & your wrong. The sophisticated criminals are now using pre-developed tools & they have offices, salaries, sick and holiday pay and other benefits.
@@oraclejoe3471 I’m one of those weirdos who carries both an android and iPhone around. Two separate plans. I like them both. Where’s android you have the freedom, where’s ios you’ll have a near polished experience plus iMessage. But androids on par with iPhones security wise.
The efficiency of this Dale valskov is next level. To juggle walk throughs of various angles on the topic delivered to-camera, differnet content per topic from various folks underneath the umbrella of the track list of the larger big band concert itself is engaging and refined. To make a dense taccess like this so digestible is really something. Awesome work !!
This man is a hero and the most dangerous man at the same time, but in the best wayyyyy possible! The simplicity with how he explains it and performs these tasks is frightening but educational at the same time. You sir, I would trust you with my life! I applaud this man and need more of him Dale valskov
I find it shocking that the victims would just hand over their phone to a guy they just met (who offered to sell drugs to them)… How careless can you be…?
Did you see the guys in the video he went after? Those guys are easily intimidated, so it looked like he choose his targets based on how wimpy they were. We are also told to worship people like the thief in his video because of our ancestors past sins I guess.
Reminds me of that movie “Catch me if you can” whose main role was played by Leo DiCaprio. The guy is a conman who ended up in prison and then getting hired by banks to teach them about their vulnerabilities, if I’m not mistaken
Exactly it’s the arrogance for me. He’s so proud of this as if he committed a finess only the smartest criminals could pull off. There is nothing subtle or intelligent about this hussle.
@@dffoosag3583there is no art to it, we can all do that but we chose to work a job because the consequences when caught is not worth….no wise man will make crime their career
We need more immeasurably wise and compassionate humans like you on this planet. Thank you for sharing Dale valskov. I bet I'm not alone when I say this video found me at the perfect moment, and there are a lot of things here that I needed to hear right now.
@@Zullfix they recommend you using a 6 digits....and they tell you all the implications of leaking that password. It's the same with Android and even windows PIN. It's a key to everything. It's a feature that makes our lives easier, but if you give that key away you're making criminal's lives easier (=
Adrian Ruthnik's focus on cleansing the industry of scammers is a testament to their commitment to ethical hacking. Their efforts to restore integrity to the field are much appreciated.
There is no doubt that you will rise fast at the apex of your career Dale valskov. Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of Impossible by becoming PRO at tackling Problems. You Rock!
Adrian Ruthnik's transition to the clear web has made their services more accessible and trustworthy. Their commitment to transparency and integrity is evident in their professional approach.
Nah, it just wouldn't work with the interviewing format to be passing a tiny device back and forth that the audience can't see. This was the obvious correct format. Plus she has no reason to be afraid of him stealing her phone. He's locked up. That would be dumb to do and he wouldn't be able to keep it or profit from it in any way.
software security has become a lot better today compared to years ago. Criminals have to choose the easier way, social engineering. No more good ol hacking (breaking into a device or network without touching it) by exploiting software flaw... well, there is but not as many as social engineering hacks.
@@Teluric2 How does one physically acquire a phone to unlock it ? You have to CONVINCE someone to hand it over if you don't have an eye level view. This is why he said he selected drunk college students....So while you may not need social engineering to unlock the phone, you need social engineering to get the phone so that you can unlock it.
@@jyeviolegrace2143 It’s easy because too many people live life comfortably. They go around as if any given thing can’t happen to them because it hasn’t happened yet. You don’t need to research anything to figure out that giving a stranger your phone and the passcode willingly is stupid.
Their move from the dark web to the clear web was a bold step that reflects their commitment to transparency and integrity. Adrian Ruthnik continues to lead the industry with their ethical practices.
Why should we setup passcode to custom Alphanumeric code? Well, a 4, 6-digit code are enough to enter just a second. Sometimes Face ID takes a while more than few seconds. And if you setup custom Alphanumeric code, you won’t enter long passphrase in public because of convenience. Make right angle, or retry Face ID are faster than enter passphrase(more than 25 characters). That’s how custom Alphanumeric code can protect iPhone and our digital life from thief.
Excellent journalism work, Joanna Stern. Because of your reporting, millions of iPhone users will benefit from iOS 17.3 and beyond. Who knows if you can even put a number to how many lives and heartaches you have saved with this critical reporting. Very impressed.
It’s not excellent journalism I just discovered on Reddit that they said this was nothing more than a made up fear mongering piece of 💩 that black guy has a IDMB and he’s an actor so this is all made up think of Jerry Springer
@@americanfreedomworldpeaceso its the banks fault if someone watches you put in your debit card pin, mugs you, and goes on a spending spree? I think not
@@EndOfLineTech once they gain full access to your phone number and Apple account, they can gain access to your bank or payment apps via by 2FA or forgot password reset (reset link via email or text). I was a victim of a "SIM swap scam" and they tried to send themselves money on a payment platform I had, not my bank. My credit card was saved on the payment app. Password was reset via email and text message security code reset.
So if you pay attention he is not taking advantage of an Apple product, he is manipulating a person using social engineering. Also, this guy is a great example of a person with no repentance, when he gets out it’s right back to the same things.
How do you know ? I mean that part was funny. Maybe he is not showing remorse in front of the camera but man give people a chance. Just because he is in prison does not be he cant spare a laugh.
No. If you listen carefully this thief has a specific technique to exploit Apple devices. Specifically that FaceID can be changed to any face and that then allows users to empty bank accounts as there’s no check that the face is the same, only that there is a face. The secondary issue is the ability to change the passcode to iCloud without another factor (minor point as it’s not uniquely iPhone but it is a characteristic of apple products).
@@kpovibonsdani630no. Do not give them a chance. They will absolutely do it again. Dude who scammed me had the help of his father and we made a business deal together. Turns out his father's been doing it for years. It should be a deportable offense but since he is a fully realized citizen they won't deport him. It's crazy to even think about letting criminals stay here just because they became a citizen. They should be walking on eggshells for fear of losing citizenship at any time, but they just come here to scam people.
@@matthewyabsley how he gets initial access is the definition of social engineering, using the person to unlock the phone initially and exploiting that by either remembering the passcode or asking the person for the passcode. After he gains access then he can change the Face ID.
Adrian Ruthnik's transition to the clear web has made their services more accessible without compromising on security. Their commitment to ethical practices sets them apart.
Absolutely, I mean Apple employs some of the smartest people in the country and around the world. I'm very surprised this type of vulnerability wasn't discovered from within. I was a little worried that Apple had decided not to address Joanna's orginal report, but I'm so grateful they did. I feel like Apple owes Joanna big time.
@@dazwhit I agree, locking apps should be a feature soon. Even if some crypto apps have that built-in, it should be an option for every app on the phone.
Sad how they always make kids first and then try to "figure it out" instead making a safe household before procreating and give kids the better start in life they probably never had.
@@esousa486 yeah, if he was doing that before having kids would’ve made more sense. Sad how a lot of people turn to fraud and call it “taking care of family” or just drugged up pop out 6 kids for tax benefits then flex online saying it’s them “making bands” and never even show kids, the actual breadwinners, photos.
What does honest and sincerity sound like again ? A somber tone a with a sweet smile etc . Calm down the dude is in prison volunteer information that doesn't help him in anyway . Appreciate the information that was provided and move on.
This is just one of the many problems you have to worry about if you are in the habit of going to bars, getting drunk and talking to strangers offering you drugs!
Also, the banking apps that let him open them by face id have horrible design flaws. Most of the apps these days won't let you open them with faceid if a new face has been added. It's really weird that banking apps don't have this feature..
I’ve heard of people having a “drinking phone”, usually an older or cheaper model with nothing important on it, just a SIM with a PIN code. Or just a cellular smartwatch, which locks the moment it’s taken off a wrist.
I absolutely love Joanna Stern's videos and reporting, normally because they are funny, light hearted and informative. In this case, Joanna has done an excellent piece of reporting that will probably save a lot of people from having their tech lives hacked. I've had my phone stolen before but literally it was only the phone. My life didn't change. However, if my bank accounts, etc were compromised, it would honestly be devastating. Joanna's perseverance will help many. Thank you.
In my country, the scary thing is criminals forcefully take the phone from you and kidnap you for a couple of hours where they drain you out. So even if you put all these measures in place. If they have you under armed hostage there's no way escaping it.
If not doing what they tell you to do would result in a state of person not breathing, that would just be a summary of your country's crimes in general.
Correct me if I'm wrong here, but some banking apps will actually close the session and force you to log back in using your password if your biometric authentication has been tampered with. Don't save your passwords in your notes app without password protection, and don't enter your passcode in front of other people. This guy doesn't really seem sorry or too regretting, I feel like he will just go out there and do some new techniques once he's out.
Of course they do. This is nothing more than a fear, mongering piece. I wouldn’t even surprised if this was all a fabricated lie in that black guy was just an actor.
If they have full access to your Apple account and phone, they can press forgot password and reset it. Plus not everyone use biometrics for banking, plus fingerprint stops working after awhile as your hands becomes dry and cracked. Face ID could be hacked by simply putting the phone to the person's face, maybe while they're sleeping or if knocked out or worse... Or just when you're conscious and they put the phone to your face and then run away
@@americanfreedomworldpeacethat's not true, the users eyes need to be open to unlock FaceID, you'd literally need a hyper realistic mask costing thousands of dollars or force the person to look at the phone
@@Weronzyreally? Thats common? I guess being an idiot is common then. It’s like if someone asks you for your phone # or address and u give them your wallet to look it up, why would u do that
You can actually get around what he’s doing if you go to screen time and you add a screen time password and add a completely different password and then you can prevent your Apple account from being changed off the phone
When you buy anything with an IMEI number, make sure to have a photo of it and have that number in your personal safe for your records. Pawn shops require you have your personal ID to sell anything and the product's IMEI. As soon as your stuff is missing, you can use your IMEI and report it to the manufacturer and authorities so that if your item is scanned in at like a pawn shop, an investigation can be started. I haven't worked for a cellphone company in a hot minute, it's been about 5 or 6 years now, but the IMEI numbers used to show up in the systems whenever an active SIM card is in the phone and can be black listed and it's location can be given to the authorities based on the towers it last pinged off of.
Kind of wild that you can change the face and still get unrestricted access to banking apps. Those developers should demand the ability to detect that (e.g. new FaceIDID) so they can require a brand new login once the face is updated.
Yeah. That too. But also, asking for an *Apple ID and password* before allowing somone to change FaceID. It baffles me that their optional "fix" is a geolocation measure buried in the Settings and not just asking for the user's password.
All my banking apps are locked if the biometrics get changed and they've been like that for years. So the ability to detect it is there, but clearly some banks are lax about security. Someone being able to reset my Apple ID password with only the passcode is a bad thing, but it will never give them direct access to my bank accounts.
This happened to me in NYC. My case is still open and my suspect is in jail waiting for trial. I would like to talk to WSJ to go over details and my ongoing case, I have a crazy story to tell.
They created a 28 character recovery key, they opened credit cards, applied for much more. I am still living in digital lockdown, I have not gotten my icloud back either.
@@tjr-007ttSome people are just really good with numbers.. I remember numbers. I know all my friends & family's passcodes just from them opening their phones while I'm seated next to them. A few years back, a fellow in the seat in front of me on the bus, gave his credit card information to someone on the phone - I still know that number and expiration. I told him at the time that he should be glad that I'm an honest person and not to do that again. I see this behavior all the time. User error. 😢 (BTW, have a $190 android phone with no data in it, a mathematically complex password, and never open it anywhere near anyone.)
@@tjr-007tt In my case, they had friends that scoped the code, then gave the people that brutally assaulted me the code as they stole my phone. It was a whole operation, 2 people assaulted me, 2 others scoped out my code. Thats a long story short.
@@tomikun8057 I don't mean for people who use supported devices on those older versions, I mean for people who use devices that were dropped with iOS 16 and 17, the iPhone 6s, 6S plus, SE first generation, seven, 7+, eight, 8+, X, iPod touch seventh generation, iPad mini four, iPad Air two, iPad fifth generation, iPad Pro 12.9 inch first generation, and iPad Pro 9.7 inch.
I always thought that the iCloud password is more important than the code. But to make it more convenient to the users, now the code is my important than everything else.
No, it’s an Apple-introduced vulnerability. The passcode was never designed to protect the Apple ID from the beginning. Now they made the passcode the most powerful thing, even more powerful than passwords. It’s bonkers
Nearly all people have the minimum passcode of 4 digits on their phones, which is NOT enough to protect an online account. If you argue that the user shouldn't use such a short passcode, blame apple for allowing it to be that short. Even TOTP 2FA apps have a minimum length of 6 digits, and those codes are only valid for 30 seconds. This is not the user's fault, this is an inherit security flaw in apple's ecosystem.
Security is not just about providing biometrics or password protection, but also about identifying critical hacks and enforce preventive measures. So... some blame is on Apple as well. This is enforced in banking very much... limits on transaction amount from ATM, internet banking etc.
I’m surprised it lets you add a new face and just take over bank accounts set on a prior Face ID lock mode. The apps should be responsible as well partly to store security data like that and make you login via the actual password set for the banking app for example if the face is removed and a new one added.
Bank in UK NatWest , you use your face ID to open the app however to add ,change approve a transaction you need to verify it's you for example if you add new payee you need to verify it's you in the app this is independent from apple face ID ,you set this up when you download and log in first time, it takes a picture of you.
The way iPhone security works is that your biometric data (FaceID/Fingerprints) are never shared with any of the apps on the phone. They just query the phone and the phone responds with whether the challenge passed or failed. There's no way for apps to validate your info unless they also made you input a password in addtion to the FaceID or TouchID login, which would obviously annoy people. This one is on Apple to fix.
@@CutiePi I get what you're saying but what you're missing is that they will just ask if FaceID sees a match, and it will say that it does. FaceID can't tell whether or not it is the same match as before because that old data was wiped clean by the thief. Apple does not let the biometric data out of the FaceID or TouchID chips themselves. Even the iPhone's operating system doesn't see that data, it just gets what's effectively a "match" or "no match"...your biometrics stay on the FaceID chip for security and privacy reasons and as a result it can't pass on details to the apps installed on your phone either.
@@Invid72Apple could offer a hash to prove that these face id results generated this hash for the app, if one face is removed or added to their list, the hash is different and require to re login. Android already does it, not sure how its done on Android, if anything was changed about finger print settings, nearly every app requires a relogin to enable fingerprint again.
Simply changing your password to 6 letters is over 300x more secure than using the six digit numerical code. Just don't enter your password in public/in front of people and always use Face ID/Touch ID.
@@svandehurkmaybe retake your face scans. My face id works brilliantly on my 15 vs my 11 i had before. I also had an 11 that was cracked at the sensors, so i turned face id off because it was too annoying and would rarely work
@@mpetty9947 neither does force or coercion and theft and manipulation put one behind bars as he found out. So hope is a virtue which far surpasses a vice
I’ll never under comments like this- stop thinking like you. Start thinking critically and empathetic: you don’t typically go from a nice stable home , with an education and a support system to being homeless. That’s rare. He was hella young and homeless.. which means he probably never developed or was stunted in matters of impulse control. So they are having sex. Because it’s nature but literally are not capable of visualizing the consequences
Someone who’s had stability would say hey I am not financially ready I wanna have sex but not kids. But to me what you’re saying is like “wait so you were broke and still spent money on drugs?” Yes. Because logic and forethought are gone. He stole and should be punished but when I see that nobody wants to give an ounce of understanding or compassion I begin to believe this will be a cycle that will just keep happening.
@@99names16 Well, then you should try to learn from a rock on how to Not make a kid. One kid costs like $100,000 dollars from 0 to 18 years. Use your brain if you have one
I mean, don't hand your phone to a random stranger and then give them your password. I feel bad for the people that had to learn this lesson but like, come on man.
You should consider doing a piece on the other side of the story which is how Apple absolutely refuses to support the actual iPhone owner once their phone is stolen and they're locked out of their Apple ID, and they loose thousands of dollars of digital assests.
Scariest thing is that the Apple ID itself (the email address) can be changed, then you can't even start account recovery as you don't know anymore the Apple ID to restore.
I think those things are kind of at your own risk. Banks won't help you either if you give someone your PIN and they steal your money. Of course, these guys aren't going to admit they gave out their passcode because they were trying to score drugs or be attached to the next up and coming rapper. While it may not be foolproof, I don't put financial things on my phone in hopes of preventing things like this. I also don't have an iPhone. 🤷🏾♀️
The same as WhatsApp, if your phone is stolen and the SIM removed, the attacker can still assume your identity to speak to your contacts. You can not get back in and they refuse to block the account as there is still no way to after 7years of reporting this.
Exactly. Your phone is everything today. Literally more than your social security. Some store clerk took my phone once to use my phone to see a product. I told them no. Seriously trust no one.
The truth is Apple Inc love a guy like this guy because this guy is helping them widen their ecosystem. As for the people who lost their iPhones to this guy, will bet, they got another iPhone. Never hand your phone to anyone.
So basically he locks the phone and then tries his face to unlock it. The phone doesn’t allow it. So he hands it back saying sorry man it’s locked and the stupid user unlocks the phone with the passcode and gives it back. In that moment he and his gang notices the passcode
That’s the thing. It only works if you’re an absolute moron or drunk. I’m not saying this isn’t worth reporting or that apple shouldn’t take extra steps to prevent this, but this really isn’t as scary as people are making it out to be. 99% of people will be fine because they were taught common sense
I don't know if its an american thing but i never understood why people in the US give their phones when adding someone as contact instead of asking their number or userId and then saving it themselves. It almost takes the same amount of time. A couple of days back i was watching a video about a server in a restaurant somewhere in the US who swiped thousands of dollars from customers credit card simply because in the US customers just hand over their card to the servers to pay whereas in most other countries that i know of the server brings the card machine to the table or you go to the cash counter to pay (usually in small establishments). I think people should be more careful whether its their credit card or phone because phone contains all your personal data and even money and just don't give either in the hands of random strangers even if it makes u look rude for a moment
Situational awareness is the key to preventing yourself from falling victim to one of these types of attack. 1. If you're in a crowd, find yourself a secure area to put your account PIN in. For example, put your back against a wall with your phone as close to yourself as possible so as to not allow anyone to be able to look over and be able to see you enter your PIN. 2. If you can't use method number 2, just like when you're at an ATM and you're entering your account PIN, cover your phone with one hand while inputting your PIN with the other. Again, this is to make it so that no one can see you enter your PIN. Again, situational awareness is key. Know your surroundings, never leave your phone on a table or bar and if you do need to turn your head away, put your hand atop it to keep it secure and in your control. When you're in public, you need to be wary of everything that's going on around you including people; in other words, be paranoid of your device and your person. Always act under the condition that you're being watched and take precautions to minimize the threat.
The type of phones that don’t have face-unlock, are probably at lower risk of being stolen. But good suggestions for those devices where it’s mandatory to enter a pin.
No. The biggest problem is our criminal justice system go easy on criminals. Plus, iPhone owners should be able to go to an Apple store to change their iCloud account.
The biggest problem is Apple allowing someone to add a FaceID without asking for the user's AppleID password and their optional "fix" is a geolocation measure buried in the Settings instead of just asking for the user's AppleID password.
Theres also the possibility to lock password changes and iclout changes in screentime -> content & privacy restrictions where you can lock different things. That was there already for some time and its basically to restrict children. But can easily be used as precaution for thiefs (or against repairshop people) aswell 🤷♂️
Don't be dim your phone is not Smart neither are you But the hacker is to a degree He already has all the information To hack your information even Child mode do not be silly Stop online phone banking payment systems being hacked You can't see Being robbed you can see and feel
You also need to enable Content and Privacy Restriction under Screen Time. This will lock access to your appleid as it will be restricted by a secondary pin.
I mean, sure, if you hate your life lol. You have to go all the way back to screen time, put in the passcode, get to where to turn it off, then go back to the Apple ID settings. Then do it all again. I know, I’m being dramatic, but there is a simpler way. Don’t put your passcode in when others may be able to watch you do it. Be more careful. However, if you’re not going to be more careful, I suppose your way works too.
@@mattbrown8139 bro what? I’ve been doing this screen time content & privacy restrictions for two years and the only time I ever needed to unlock it was to change iCloud billing info, maybe two times
This will not protect you. It only slows down the attacker. Screen time code can be changed by a thief using the device passcode and a request to change it
Just like there's no jobs for homeless people, there's no jobs for convicts. OFC he won't change his ways. Even if he wanted to, he doesn't have any options if he wants to earn a living. Some people can make good choices because good choices are available to them. Other people are forced to make bad choices because there are no good ones. Would he make a good choice if offered? We don't know.
That and ONLY allow biometrics to open banking apps, otherwise requesting the banking password specifically. Also, using biometrics to open the settings as an option.
@@nylotical only allowing biometrics to open apps is also a security issue; security is not a single "lock" mechanism. The idea of cybersecurity is to have layers of security. Way to show you do not know about security.
This is still baffling me. Apple was allowing phones to be reset and FaceID to be added *without asking for the Apple ID password, just the device's Pin number.* That's INSANE. And their "fix" is LAZY AF.
Apple knows their user base. Those people can't remember more than one password. Also they were giving out their passcode to strangers. No amount 6 of security can save those people.
I was in absolute tears hearing that man leave the message for that scammer. You have my total respect and god bless you 𝗛𝗼𝗻𝗲𝘀𝘁𝘆𝗯𝗮𝘀𝗲𝘁𝗲𝗰𝗵 for helping as many people as you can. It seems so crazy that people fall for these things but then again, the elderly were raised in a different time before computers and before online scammers. I hope through your channel that more people reject these morons from India and tell them where to go. Thanks again!
The phone lock screen passcode is not the account password. You shouldn't be able to change anything meaningful using the lock screen passcode of any device. With the account password, a security code sent to text, email, or anything like that, yes. With a lock screen passcode or pattern, never. This is beyond obvious.
@@RockoStarrYou The ability to change ones account ID password is a convenience factor that solves another problem of users forgetting their account passwords. The ability to change this password with device passcode was implemented to prevent the occasional circumstances of people getting locked out of their Account forever because they couldn't remember their password. And I can bet this happens exponentially more than someone stealing both device and passcode. It all boils down to user awareness and carefulness than saying this is "Apple's vulnerability," which is not!
@@wisdomyaw03Let's not act like "Forgot your password?" hasn't been a method for effectively recovering accounts for a long, long time. I agree that recovery through passcode shouldn't be presented as Apple's vulnerability though. It ultimately lies on the user, but it IS fair to say it's easier to exploit.
@@RockoStarrYou I'm not arguing against how easy it is to exploit like in this video. But, again, that "exploit" starts with the user. So I wouldn't say it is "Apple's vulnerability". It's a matter of balancing security with convenience.
Another way around this do this, go to Settings -> Restrictions -> Content and Privacy Restrictions -> In the allow changes section you can disable Allow Passcode changes and Account Changes
General rule of thumb is to never share your passcode with anyone except trusted sources. Family, loved ones, business partner, etc. It's too risky otherwise.
For real. I'm still trying to figure out who was paying such a high price for these phones! Like when he said he would sell the Pro Mac for $950 all I was thinking was "to who?!" I used to buy phones off Craigslist and knew at least 50% of them were probably stolen or fraud but there's no way to know until like a week after you buy them. For that reason I would buy a phone like that for MAYYYBE $400 and tell him there is no way for me to know if it's a bad ESN or not until it's too late and the only way I could purchase the phone is if I could ship it to China and make $100 on it if I'm lucky. Even then the buyers are usually trying to find a way to get the phone for free from you so it's just not worth it most of the time. Worst part is, places like T-Mobile will actually let you activate the phone and then disconnect service and won't refund you if that happens. Happened to me. I bought a phone that was apparently on a contract but T-mobile didn't tell me that but they said all was good. I activated it and at the 2 month mark on my 3rd payment it was disconnected. Couldn't even call customer service. Finally I was told that the phone was behind on payments. I asked how much and they wouldn't tell me. I asked if I could just pay the remainder and they said no. Ridiculous. Thankfully dude owned a store at the mall and he tried to give me the runaround til I told him I was calling the cops.
No, thief sees you type in 6 digit passcode. Then snatches your phone and run (or secretly steals/pickpockets you). Then a few minutes later, you are locked out of your own Apple account as thief changes password. All that's needed is 6 digit passcode to have full control over your entire digital life. Watch their 1st video to understand.
"When you get out are you gonna forget about this trick..." "There's gonna be new tricks out..." 😂😂😂 Lol this dude is a menace and clearly can't wait to get back to work
Ive got my iphone stolen 2 months ago. It was one of the most devastating things happened to me in the last few years. Not only about the 1200 buvks that it cost but all my info/passwords/2factor authentication, etc was through my phone. I didnt know how vurnalable I'd became without the phone. Its crazy...still having some issues that related to it.
@@Tsukino1011 I'd say it is more a case of no longer being able to log into many things because you've lost the sole device you used for storing your passwords and two-factor codes. I have alternatives, but I think some people rely on a single device.
His apology at the end was about as genuine as a three-dollar bill.
He's sorry he got caught lol
I suspect his lawyer warned him to pretend to be remorseful during the interview. It did not seem sincere. It seemed more like he was holding back a smile.
🤣🤣
"I was homeless, I didn't have a job"
Does it actually matter? Entire system built with huge vulnerabilities and he is only one person taking advantage. And its not like he's done something like ripped off millions from people, like so many white collar criminals
Hey ppl, I'm a retired computer/IT person, Yet I still find Dale valskov so informative and straight forward. Thanks for your advise and helping the people...........Great work and love watching.
Dude definitely doesn't sound like he has any regrets. He isn't sorry for his actions, he's just sorry that he got caught.
“Sound” he’s did this interview perfectly with some humor. You want him to cry mid interview? 😂 goofy ahhh indian boi being racist in the internet 😂 smugmydck
Nope, he will go back at is next time and being extra careful knowing the mistakes he did last time,,, Definitely not sorry.
It's easy to punish a single person when they do bad. Much harder to punish governments or businesses, especially when it's a much more complicated and opaque situation. Maybe use better reasoning to how you think about people and governments.
@@Bbbbffu Nobody expected him to cry bozo. He could've simply owned up to it and empathized with the victims. But instead he chose to play the victim himself and used 'homelessness' as an excuse to downplay his actions
Also I love how you projected your own internalized racism onto me by accusing me of being a racist (the irony), despite the fact that i didn't even mentioned his race/ethnicity in the first place
What happens when you buy a $1500 phone and pretend you care about society, others, etc. Someone gonna challenge you on it.
The biggest vulnerability in cyber security are the users
being black
Users are almost always the weakest link
Wise man once said, the easiest software to hack isn't the programming, it's the user. Most hacks are not hacks but people who get phished and give up their info without thinking. Want to break into a company's system? Phish the employees or get them to download a piece of software via a malicious site which the idiots then take into work in a thumb drive and plug into their computer at work.
Facts
@@maxking3148I work in Cybersecurity & your wrong. The sophisticated criminals are now using pre-developed tools & they have offices, salaries, sick and holiday pay and other benefits.
Rule of thumb. Treat your phone like an ATM in public. You wouldn’t take money out while someone you didn’t know was watching you.
FACTS
Yes try to remember my 16 alphanumeric with characters passcode that I don’t have to enter in public because I use FaceID. So no. I don’t really care.
😂😂😂 This whole well prepared fear show is about trust us and give us your finger prints and Face ID, you can trust us .
or just get an android
@@oraclejoe3471 I’m one of those weirdos who carries both an android and iPhone around. Two separate plans. I like them both. Where’s android you have the freedom, where’s ios you’ll have a near polished experience plus iMessage.
But androids on par with iPhones security wise.
The efficiency of this Dale valskov is next level. To juggle walk throughs of various angles on the topic delivered to-camera, differnet content per topic from various folks underneath the umbrella of the track list of the larger big band concert itself is engaging and refined. To make a dense taccess like this so digestible is really something. Awesome work !!
This man is a hero and the most dangerous man at the same time, but in the best wayyyyy possible! The simplicity with how he explains it and performs these tasks is frightening but educational at the same time. You sir, I would trust you with my life! I applaud this man and need more of him Dale valskov
This interview was definitely part of the plea agreement 😂
Hahahaha
he still got 94 months
First thing I thought
Nah...
Had to b cause what bro this is anything
The way he apologized at the end it really shows he’s a genuine guy and won’t do it again. 😂
Ofc he obv won't do it the day he gets out
😂😂😂
He’s sorry he got caught
yup, he’d definitely target you😂
@@dynamo1796 yup
I find it shocking that the victims would just hand over their phone to a guy they just met (who offered to sell drugs to them)… How careless can you be…?
As careless as alcohol makes you. Alcohol shuts down the logic part of the brain.
they dont want to seem racist.
those beta boys get scared of a "big" guy like this... that's why he targets them
Did you see the guys in the video he went after? Those guys are easily intimidated, so it looked like he choose his targets based on how wimpy they were. We are also told to worship people like the thief in his video because of our ancestors past sins I guess.
@@Fighter4StreetWe are not told to worship thieves.
What are you talking about?
“Faster than you can say supercalifragilisticexpialidocious” took me out 😂 he’s a quirky thief
😅
U not alone on that one 😂😂😂
He seems "smarter" than the average black dude ............
Exactly😂😂
@esousa486 because he isn't black but Hispanic
"but first they gotta hire me" that caught me off guard 😂
😂😂😂
🤣😂 he ain't sh💩t
Direct TV hired the guy that hacked them.
Reminds me of that movie “Catch me if you can” whose main role was played by Leo DiCaprio. The guy is a conman who ended up in prison and then getting hired by banks to teach them about their vulnerabilities, if I’m not mistaken
apple hired the the developer who made cydia
He’s describing it like an art form, when really, all he had to do is ask drunk people to unlock their phone in front of him😂
That’s the art
"they should hire me"
Exactly it’s the arrogance for me. He’s so proud of this as if he committed a finess only the smartest criminals could pull off. There is nothing subtle or intelligent about this hussle.
@@dffoosag3583there is no art to it, we can all do that but we chose to work a job because the consequences when caught is not worth….no wise man will make crime their career
They are just advertising apple products
We need more immeasurably wise and compassionate humans like you on this planet. Thank you for sharing Dale valskov. I bet I'm not alone when I say this video found me at the perfect moment, and there are a lot of things here that I needed to hear right now.
I'm not an apple fan or user....but calling "Apple vulnerability" the act of drunk users giving their passwords away is crazy
I mean, allowing your minimum 8-character apple ID password be changed by simply knowing a 4-digit passcode *is* a vulnerability.
@@Zullfix they recommend you using a 6 digits....and they tell you all the implications of leaking that password. It's the same with Android and even windows PIN. It's a key to everything. It's a feature that makes our lives easier, but if you give that key away you're making criminal's lives easier (=
Fr, apple fans will defend anything. Humans are the biggest vulnerability but not fixing that exploit is hilarious to me.@@Zullfix
Yeah rrrright, but calling some decade old features "innovative" is craziest
The vulnerability is in apple’s simplified design where a 4 digit passcode can end your life basically.
Adrian Ruthnik's focus on cleansing the industry of scammers is a testament to their commitment to ethical hacking. Their efforts to restore integrity to the field are much appreciated.
I changed my passcode after watching this, and then immediately changed it back because I realized I never leave the house.
Thanks for reminding me!
😂😂
L😅😂L
😂😂😂 This whole well prepared fear show is about trust us and give us your finger prints and Face ID, you can trust us .
ok
There is no doubt that you will rise fast at the apex of your career Dale valskov. Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of Impossible by becoming PRO at tackling Problems. You Rock!
Yes please. I would love a video that does a deep dive on the *Metaspyclub* project
Adrian Ruthnik's transition to the clear web has made their services more accessible and trustworthy. Their commitment to transparency and integrity is evident in their professional approach.
On Android you need to re-enter the passwords on each app that uses biometrics after biometrics change. A bit annoying but clearly useful
Evidence that iOS isn't as secure as people say it is
Lol, if this was Instagram, you'd get hate speech immediately for saying this.
He did say he stole androids . I guess you missed that part
@@Jst4vdeosdon’t buy drugs kids. Simple.
@@Underdog271 stealing and accessing banking are very different. Android forces you to re-enter the apps password if there has been a biometric change
Even the reporter was scared of handing him her real phone. So she kept showing the printouts of her phone. Very thoughtful 👏
Nah, it just wouldn't work with the interviewing format to be passing a tiny device back and forth that the audience can't see. This was the obvious correct format. Plus she has no reason to be afraid of him stealing her phone. He's locked up. That would be dumb to do and he wouldn't be able to keep it or profit from it in any way.
He’s being interviewed while in prison. There’s guards in the room with them and they most certainly said NOT to hand him a real phone.
the reporter is at work doing a story she never has to hand over anything personal to a convicted felon
It’s prison can’t bring a phone
Iykyk
Social engineering is the one and truly vulnerability cybersecurity cannot seem to shake off
my advice is that people do there research manipulation techniques shouldn't be that effective yet it is , probably due to lack of education
software security has become a lot better today compared to years ago. Criminals have to choose the easier way, social engineering. No more good ol hacking (breaking into a device or network without touching it) by exploiting software flaw... well, there is but not as many as social engineering hacks.
You dont need social engineering to unlock an iphone.
@@Teluric2 How does one physically acquire a phone to unlock it ? You have to CONVINCE someone to hand it over if you don't have an eye level view. This is why he said he selected drunk college students....So while you may not need social engineering to unlock the phone, you need social engineering to get the phone so that you can unlock it.
@@jyeviolegrace2143 It’s easy because too many people live life comfortably. They go around as if any given thing can’t happen to them because it hasn’t happened yet. You don’t need to research anything to figure out that giving a stranger your phone and the passcode willingly is stupid.
Their move from the dark web to the clear web was a bold step that reflects their commitment to transparency and integrity. Adrian Ruthnik continues to lead the industry with their ethical practices.
Chilling reminder that a simple 6-digit code can unlock your entire digital life.
More like a f**king security disaster from apple and those banking apps.
If you let it.
so this. all of what happened here is the peoples own fault@@mattbrown8139
Dude, don’t give your passcode out to people and when you’re in a public setting use Face ID don’t put in your password. This is just common sense.
Why should we setup passcode to custom Alphanumeric code? Well, a 4, 6-digit code are enough to enter just a second. Sometimes Face ID takes a while more than few seconds. And if you setup custom Alphanumeric code, you won’t enter long passphrase in public because of convenience. Make right angle, or retry Face ID are faster than enter passphrase(more than 25 characters). That’s how custom Alphanumeric code can protect iPhone and our digital life from thief.
Excellent journalism work, Joanna Stern. Because of your reporting, millions of iPhone users will benefit from iOS 17.3 and beyond. Who knows if you can even put a number to how many lives and heartaches you have saved with this critical reporting. Very impressed.
It’s not excellent journalism I just discovered on Reddit that they said this was nothing more than a made up fear mongering piece of 💩 that black guy has a IDMB and he’s an actor so this is all made up think of Jerry Springer
Sadly many iPhone owners don't want to admit Apple is at fault too, they blame the person
@@americanfreedomworldpeaceso its the banks fault if someone watches you put in your debit card pin, mugs you, and goes on a spending spree? I think not
@@phothewin6019please explain, what is special about the Pixel 8 pro’s security settings out of the box?
@@EndOfLineTech once they gain full access to your phone number and Apple account, they can gain access to your bank or payment apps via by 2FA or forgot password reset (reset link via email or text). I was a victim of a "SIM swap scam" and they tried to send themselves money on a payment platform I had, not my bank. My credit card was saved on the payment app. Password was reset via email and text message security code reset.
So if you pay attention he is not taking advantage of an Apple product, he is manipulating a person using social engineering. Also, this guy is a great example of a person with no repentance, when he gets out it’s right back to the same things.
Fr
How do you know ? I mean that part was funny. Maybe he is not showing remorse in front of the camera but man give people a chance. Just because he is in prison does not be he cant spare a laugh.
No. If you listen carefully this thief has a specific technique to exploit Apple devices. Specifically that FaceID can be changed to any face and that then allows users to empty bank accounts as there’s no check that the face is the same, only that there is a face. The secondary issue is the ability to change the passcode to iCloud without another factor (minor point as it’s not uniquely iPhone but it is a characteristic of apple products).
@@kpovibonsdani630no. Do not give them a chance. They will absolutely do it again. Dude who scammed me had the help of his father and we made a business deal together. Turns out his father's been doing it for years. It should be a deportable offense but since he is a fully realized citizen they won't deport him. It's crazy to even think about letting criminals stay here just because they became a citizen. They should be walking on eggshells for fear of losing citizenship at any time, but they just come here to scam people.
@@matthewyabsley how he gets initial access is the definition of social engineering, using the person to unlock the phone initially and exploiting that by either remembering the passcode or asking the person for the passcode. After he gains access then he can change the Face ID.
Adrian Ruthnik's transition to the clear web has made their services more accessible without compromising on security. Their commitment to ethical practices sets them apart.
“I was homeless then started having kids” 🙄
Like what?🤦🏾♀️ sex should be the last thing on a homeless person’s mind! 🙄
😂😂😂
@@mayberryfiya3528you’d think that but sex is at the bottom of Maslow’s pyramid along with water, food, shelter etc. It’s just a physiological need.
That irritated me so much 😑
He was making $20k a weekend, $1-2 million total and gives us a sob story about being homeless and "just needing to feed his kids"? Yea, no.
"i couldn't find a job"
you dont say???? companies chose NOT to hire a guy with neck tattoos?? 😂😂
@@dreamybull1509it's 2024 your take is tone deaf😂😂😂😂 its literally CEOS and Execs with neck tattoos
@@dreamybull1509plenty of companies hire people with tattoos that’s no longer a thing - he was just too lazy to get one leave it at that.
@@dreamybull1509 you have no understanding of the world do ya? makes sense.
I largely credit Joanna’s report for Apple’s new security measures, it was a massive oversight that I’m glad got addressed.
Absolutely, I mean Apple employs some of the smartest people in the country and around the world. I'm very surprised this type of vulnerability wasn't discovered from within. I was a little worried that Apple had decided not to address Joanna's orginal report, but I'm so grateful they did. I feel like Apple owes Joanna big time.
Apple could do more to lock apps and folders with additional layers of security.
@@dazwhit I agree, locking apps should be a feature soon. Even if some crypto apps have that built-in, it should be an option for every app on the phone.
It really didnt
no matter what ...just know the C.I.A. and MOSSAD can break into your phone faster then u can say " hi "
"I was homeless, started having kids, needed money, no job" wat a logic mane
Yea, ruined the kids' lives being in prison not paying child support
Sad how they always make kids first and then try to "figure it out" instead making a safe household before procreating and give kids the better start in life they probably never had.
atleast they are set for a long time@@MoneyMan28
Usual suspect ..... But this one is more "clever" than others
@@esousa486 yeah, if he was doing that before having kids would’ve made more sense. Sad how a lot of people turn to fraud and call it “taking care of family” or just drugged up pop out 6 kids for tax benefits then flex online saying it’s them “making bands” and never even show kids, the actual breadwinners, photos.
I believe creating awareness among people is extremely important in order to avoid further incidents and victimization.
He doesn’t sound like he is being honest if he will do it again.
He's having an interview that will be broadcast to the world, of course he's not going to say that he'll be back with the old gang 😂
What does honest and sincerity sound like again ? A somber tone a with a sweet smile etc . Calm down the dude is in prison volunteer information that doesn't help him in anyway . Appreciate the information that was provided and move on.
🤡. He’s giving you honest advice.
Bros definitely scheming something else once he gets out 😂
He said there's gonna be new tricks out 🫣
I hope that this guy can change when he gets out because I know that he doesn't want to go back to prison.
@@Collector3476 After making 10k a weekend, he probably doesn’t have enough incentive to do normal work. But I pray he can change.
Imagine if people were this proactive with things that matter and bring good.
This is just one of the many problems you have to worry about if you are in the habit of going to bars, getting drunk and talking to strangers offering you drugs!
Also, the banking apps that let him open them by face id have horrible design flaws.
Most of the apps these days won't let you open them with faceid if a new face has been added.
It's really weird that banking apps don't have this feature..
I’ve heard of people having a “drinking phone”, usually an older or cheaper model with nothing important on it, just a SIM with a PIN code. Or just a cellular smartwatch, which locks the moment it’s taken off a wrist.
@@B.D.F. I have a drinking phone and drinking car in case I get in an accident driving home.
Talking to strangers offering you drugs sounds insane to be honest, i always have my own stuff
I got my phone stolen twice
I absolutely love Joanna Stern's videos and reporting, normally because they are funny, light hearted and informative. In this case, Joanna has done an excellent piece of reporting that will probably save a lot of people from having their tech lives hacked. I've had my phone stolen before but literally it was only the phone. My life didn't change. However, if my bank accounts, etc were compromised, it would honestly be devastating. Joanna's perseverance will help many. Thank you.
In my country, the scary thing is criminals forcefully take the phone from you and kidnap you for a couple of hours where they drain you out. So even if you put all these measures in place. If they have you under armed hostage there's no way escaping it.
Are you in SA?
If not doing what they tell you to do would result in a state of person not breathing, that would just be a summary of your country's crimes in general.
What is your country?
That’s the most extreme situation though
well, relocate.
Correct me if I'm wrong here, but some banking apps will actually close the session and force you to log back in using your password if your biometric authentication has been tampered with.
Don't save your passwords in your notes app without password protection, and don't enter your passcode in front of other people.
This guy doesn't really seem sorry or too regretting, I feel like he will just go out there and do some new techniques once he's out.
Yea that is true, changed my passwords and face id and bank app required me to input banking password and forced log out
Of course they do. This is nothing more than a fear, mongering piece. I wouldn’t even surprised if this was all a fabricated lie in that black guy was just an actor.
If they have full access to your Apple account and phone, they can press forgot password and reset it. Plus not everyone use biometrics for banking, plus fingerprint stops working after awhile as your hands becomes dry and cracked. Face ID could be hacked by simply putting the phone to the person's face, maybe while they're sleeping or if knocked out or worse... Or just when you're conscious and they put the phone to your face and then run away
@@americanfreedomworldpeacethat's not true, the users eyes need to be open to unlock FaceID, you'd literally need a hyper realistic mask costing thousands of dollars or force the person to look at the phone
actually samsung pay does this! apple pay should do too.
Why tf would you hand a stranger your phone?!
Pretty common in the US when giving out numbers and Snapchats.
@@Weronzyreally? Thats common? I guess being an idiot is common then. It’s like if someone asks you for your phone # or address and u give them your wallet to look it up, why would u do that
@@jicalzad ask them? 🤷🏻♂️
Hey man I left my keys and phone in my car and I'm locked out. Can I borrow your phone to make a call?
I love how many of you don’t know that guides access exists
He's sorry he got caught you can tell that was a high for him like a drug for a junkie 😂
He gonna do it again
@@cherylblossom9163He will do it again. Because he doesn't respect the law.
“But then, they gotta hire me” Epic 😂
You can actually get around what he’s doing if you go to screen time and you add a screen time password and add a completely different password and then you can prevent your Apple account from being changed off the phone
He will be doing this again once released and hoping he won't get caught.
I wish I could predict the future like you . What are the winning lotto numbers ?
@@sumguy9120 Did you listen at the end of interview of what he said? 🤡
@@sumguy9120because he totally regrets earning $20k a weekend, sure🤡🤡 the only thing he regrets is getting caught.
He could be recruited by the FBI cybercrime division to aid in the capture of more iPhone stealers.
Feds gonna be on him.
When you buy anything with an IMEI number, make sure to have a photo of it and have that number in your personal safe for your records. Pawn shops require you have your personal ID to sell anything and the product's IMEI. As soon as your stuff is missing, you can use your IMEI and report it to the manufacturer and authorities so that if your item is scanned in at like a pawn shop, an investigation can be started. I haven't worked for a cellphone company in a hot minute, it's been about 5 or 6 years now, but the IMEI numbers used to show up in the systems whenever an active SIM card is in the phone and can be black listed and it's location can be given to the authorities based on the towers it last pinged off of.
Problem is IMEI cloning. Also, most cops will not even bother with stolen phones, only cars or very higher value items.
Ya I’m sure that works in all countries EXCEPT South Africa my beloved country 😂
Lol, I know at least 4 or 5 pawn shops right now I could sell them anything and they won't even ask for an ID.
He's suppressing a smile while he makes his apologies... not the expression of someone who is sorry.
💯💯💯
Kind of wild that you can change the face and still get unrestricted access to banking apps. Those developers should demand the ability to detect that (e.g. new FaceIDID) so they can require a brand new login once the face is updated.
That's really what shocked me. Easy to implement.
All my banking apps require the actual bank numbers, codes and passwords to be re-entered if the faceID is changed.
Yes!
Yeah. That too. But also, asking for an *Apple ID and password* before allowing somone to change FaceID.
It baffles me that their optional "fix" is a geolocation measure buried in the Settings and not just asking for the user's password.
All my banking apps are locked if the biometrics get changed and they've been like that for years. So the ability to detect it is there, but clearly some banks are lax about security. Someone being able to reset my Apple ID password with only the passcode is a bad thing, but it will never give them direct access to my bank accounts.
Thanks for covering this. This happened to me and it’s encouraging to see increased awareness. Excellent journalism
Do you use face id?
This is a Commonsense issue. Pay attention to your surroundings.
@@commonsensebuyerlol oh didn't think about that, great insight
"You wanna buy some?" "Nooo" while tweaked out is wild
This happened to me in NYC. My case is still open and my suspect is in jail waiting for trial. I would like to talk to WSJ to go over details and my ongoing case, I have a crazy story to tell.
They created a 28 character recovery key, they opened credit cards, applied for much more. I am still living in digital lockdown, I have not gotten my icloud back either.
I’m curious as to how they got to your phone in the first place, and how were they able to unlock it?
@@tjr-007ttSome people are just really good with numbers..
I remember numbers. I know all my friends & family's passcodes just from them opening their phones while I'm seated next to them.
A few years back, a fellow in the seat in front of me on the bus, gave his credit card information to someone on the phone - I still know that number and expiration. I told him at the time that he should be glad that I'm an honest person and not to do that again.
I see this behavior all the time. User error. 😢
(BTW, have a $190 android phone with no data in it, a mathematically complex password, and never open it anywhere near anyone.)
@@tjr-007tt In my case, they had friends that scoped the code, then gave the people that brutally assaulted me the code as they stole my phone. It was a whole operation, 2 people assaulted me, 2 others scoped out my code. Thats a long story short.
@@HunchoVidsabsolutely appalled by Apple's lack of action, your iCloud still locked?
He got straight to the point when he gets out of jail "there will be new tricks out"
😂
Apple needs to add this stolen device protection to iOS 15 and 16 as well, as they are still being supported with security updates.
No
@@noyes.yes
Good thing I’ve never used finger Touch ID and Face ID on any iPhone ever. It’s insecure.
no, just use ios 17
the only reason to stay back is if you're a jailbreaker/sideloader
if you're either of those then you can probably do better
@@tomikun8057 I don't mean for people who use supported devices on those older versions, I mean for people who use devices that were dropped with iOS 16 and 17, the iPhone 6s, 6S plus, SE first generation, seven, 7+, eight, 8+, X, iPod touch seventh generation, iPad mini four, iPad Air two, iPad fifth generation, iPad Pro 12.9 inch first generation, and iPad Pro 9.7 inch.
I was homeless, started having kids, couldn’t find a job… just about the opposite of a life plan
😂😂😂
😂😂😂
🤣🤣🤣🤣🤣
None of this is possible if Apple asks for current Apple ID password instead of 6 digits passcode before letting you change the Apple ID password
Yeah, but what if you forgot your Apple-ID-password? You would never be able to log into your account again...
@@ChrisMustermann That’s why sometimes listening to customers isn’t the best idea 😂😂
@@ChrisMustermann2FA, most people have more than 1 Apple product. If not, a recovery email should do it
@@ChrisMustermanndon’t you have to put in an alternate email when you make an account or something?
@@ryleypalmer Can’t remember how it was several years ago when I set up my account. Over the years their safety-mechanisms changed a lot.
This is not an "Apple security vulnerability". This is a user defect.
I always thought that the iCloud password is more important than the code. But to make it more convenient to the users, now the code is my important than everything else.
No, it’s an Apple-introduced vulnerability. The passcode was never designed to protect the Apple ID from the beginning. Now they made the passcode the most powerful thing, even more powerful than passwords. It’s bonkers
It's both. A 6 digit pin is as secure as your birthdate
Nearly all people have the minimum passcode of 4 digits on their phones, which is NOT enough to protect an online account. If you argue that the user shouldn't use such a short passcode, blame apple for allowing it to be that short. Even TOTP 2FA apps have a minimum length of 6 digits, and those codes are only valid for 30 seconds. This is not the user's fault, this is an inherit security flaw in apple's ecosystem.
Security is not just about providing biometrics or password protection, but also about identifying critical hacks and enforce preventive measures.
So... some blame is on Apple as well.
This is enforced in banking very much... limits on transaction amount from ATM, internet banking etc.
I’m surprised it lets you add a new face and just take over bank accounts set on a prior Face ID lock mode. The apps should be responsible as well partly to store security data like that and make you login via the actual password set for the banking app for example if the face is removed and a new one added.
Bank in UK NatWest , you use your face ID to open the app however to add ,change approve a transaction you need to verify it's you for example if you add new payee you need to verify it's you in the app this is independent from apple face ID ,you set this up when you download and log in first time, it takes a picture of you.
The way iPhone security works is that your biometric data (FaceID/Fingerprints) are never shared with any of the apps on the phone. They just query the phone and the phone responds with whether the challenge passed or failed. There's no way for apps to validate your info unless they also made you input a password in addtion to the FaceID or TouchID login, which would obviously annoy people. This one is on Apple to fix.
So basically apple should notify all apps that biometrics changed, so that they re-ask
@@CutiePi I get what you're saying but what you're missing is that they will just ask if FaceID sees a match, and it will say that it does. FaceID can't tell whether or not it is the same match as before because that old data was wiped clean by the thief. Apple does not let the biometric data out of the FaceID or TouchID chips themselves. Even the iPhone's operating system doesn't see that data, it just gets what's effectively a "match" or "no match"...your biometrics stay on the FaceID chip for security and privacy reasons and as a result it can't pass on details to the apps installed on your phone either.
@@Invid72Apple could offer a hash to prove that these face id results generated this hash for the app, if one face is removed or added to their list, the hash is different and require to re login. Android already does it, not sure how its done on Android, if anything was changed about finger print settings, nearly every app requires a relogin to enable fingerprint again.
Man’s said there’s going to be new tricks when I get out 😭😭😭😭😂😂😂😂 he gon get out and run up the bag again
He’s 26 years old looking like he’s going on 45 😂
Yeah that's what prison will do to you
@@sharondalewis1620 🙇🏾♂️🙇🏾♂️🙇🏾♂️
Simply changing your password to 6 letters is over 300x more secure than using the six digit numerical code. Just don't enter your password in public/in front of people and always use Face ID/Touch ID.
300x only is true for guessing it. It doesn’t improve security if someone is watching you enter it. Use biometrics in public. Only.
True, but I still have to put in the 6 or even 4 digits every day, FaceID doesnt work always constantly.
On Android I enable the setting to hide the numbers as they're being pressed
@@svandehurkmaybe retake your face scans. My face id works brilliantly on my 15 vs my 11 i had before. I also had an 11 that was cracked at the sensors, so i turned face id off because it was too annoying and would rarely work
@@halo2bounceguy Seems to be the default on iOS, because I don't see the numbers as I type in the code on my old iPhone.
There is no accountability, made kids while homeless. Then decided to rob people because of his poor decision making.
BLM
Yup. Probably on food stamps and government assistance too; thanks to hard working, responsible tax payer money.
Hope he's being honest not just to the camera but to himself and he actually does do better in life.
Hoping never works.
@@mpetty9947 neither does force or coercion and theft and manipulation put one behind bars as he found out. So hope is a virtue which far surpasses a vice
“ I was homeless, I didn't have a job, started having kids” Seriously no job no home but make kids?
He wants his kids to be homeless too just like daddy in prison
I’ll never under comments like this- stop thinking like you. Start thinking critically and empathetic: you don’t typically go from a nice stable home , with an education and a support system to being homeless. That’s rare. He was hella young and homeless.. which means he probably never developed or was stunted in matters of impulse control. So they are having sex. Because it’s nature but literally are not capable of visualizing the consequences
Someone who’s had stability would say hey I am not financially ready I wanna have sex but not kids.
But to me what you’re saying is like “wait so you were broke and still spent money on drugs?”
Yes. Because logic and forethought are gone.
He stole and should be punished but when I see that nobody wants to give an ounce of understanding or compassion I begin to believe this will be a cycle that will just keep happening.
@@99names16 Well, then you should try to learn from a rock on how to Not make a kid.
One kid costs like $100,000 dollars from 0 to 18 years. Use your brain if you have one
The poorest people are the people who have kids. It’s the people with money who don’t want them.
You can tell he is still proud of this trick.
Probably gives him massive street cred where he is.
I mean, don't hand your phone to a random stranger and then give them your password. I feel bad for the people that had to learn this lesson but like, come on man.
I was thinking similarly. I don’t like anyone touching my phone due to germs as is.
You should consider doing a piece on the other side of the story which is how Apple absolutely refuses to support the actual iPhone owner once their phone is stolen and they're locked out of their Apple ID, and they loose thousands of dollars of digital assests.
Scariest thing is that the Apple ID itself (the email address) can be changed, then you can't even start account recovery as you don't know anymore the Apple ID to restore.
how does that work? are they protecting the owner from a scammer getting into their phone or what? They can't just let anybody access without proving.
I think those things are kind of at your own risk. Banks won't help you either if you give someone your PIN and they steal your money. Of course, these guys aren't going to admit they gave out their passcode because they were trying to score drugs or be attached to the next up and coming rapper. While it may not be foolproof, I don't put financial things on my phone in hopes of preventing things like this. I also don't have an iPhone. 🤷🏾♀️
The same as WhatsApp, if your phone is stolen and the SIM removed, the attacker can still assume your identity to speak to your contacts. You can not get back in and they refuse to block the account as there is still no way to after 7years of reporting this.
number 1 lesson: DON'T GIVE YOUR PHONE TO ANYONE, NOT EVEN YOUR FAMILY.
He said he also used violence in some cases.
And dont forget to Change your phone to Android
Exactly. Your phone is everything today. Literally more than your social security. Some store clerk took my phone once to use my phone to see a product. I told them no. Seriously trust no one.
Pro life tip: have a family you can trust.
Pro tip 2: use Guided Access if you hand a phone to someone else
The truth is Apple Inc love a guy like this guy because this guy is helping them widen their ecosystem. As for the people who lost their iPhones to this guy, will bet, they got another iPhone. Never hand your phone to anyone.
I came to this expecting good tips and instead got “don’t give your phone passcode to random people posing as drug dealers”.
Yeah, now investigative journalism is basically just common sense.
**YOU gotta treat your iPhone like the ATM machine!** Hide when you enter your code.
I still don’t see how his strategy works with anyone except the most careless and gullible people.
it indeed only works with the most gullible and careless people out there, but this group is bigger than you think.
So basically he locks the phone and then tries his face to unlock it. The phone doesn’t allow it. So he hands it back saying sorry man it’s locked and the stupid user unlocks the phone with the passcode and gives it back. In that moment he and his gang notices the passcode
Yes, that's how spam works. A person who can't spot obvious signs is a perfect victim.
That’s the thing. It only works if you’re an absolute moron or drunk. I’m not saying this isn’t worth reporting or that apple shouldn’t take extra steps to prevent this, but this really isn’t as scary as people are making it out to be. 99% of people will be fine because they were taught common sense
People are too trusting.
He's smiling whilst saying sorry, yeah he's real sorry
He definitely shot his shot with the "first you got to hire me"
I don't know if its an american thing but i never understood why people in the US give their phones when adding someone as contact instead of asking their number or userId and then saving it themselves. It almost takes the same amount of time.
A couple of days back i was watching a video about a server in a restaurant somewhere in the US who swiped thousands of dollars from customers credit card simply because in the US customers just hand over their card to the servers to pay whereas in most other countries that i know of the server brings the card machine to the table or you go to the cash counter to pay (usually in small establishments).
I think people should be more careful whether its their credit card or phone because phone contains all your personal data and even money and just don't give either in the hands of random strangers even if it makes u look rude for a moment
"I truly am sorry" Yeah, and my grandmother is a virgin
Situational awareness is the key to preventing yourself from falling victim to one of these types of attack.
1. If you're in a crowd, find yourself a secure area to put your account PIN in. For example, put your back against a wall with your phone as close to yourself as possible so as to not allow anyone to be able to look over and be able to see you enter your PIN.
2. If you can't use method number 2, just like when you're at an ATM and you're entering your account PIN, cover your phone with one hand while inputting your PIN with the other. Again, this is to make it so that no one can see you enter your PIN.
Again, situational awareness is key. Know your surroundings, never leave your phone on a table or bar and if you do need to turn your head away, put your hand atop it to keep it secure and in your control. When you're in public, you need to be wary of everything that's going on around you including people; in other words, be paranoid of your device and your person. Always act under the condition that you're being watched and take precautions to minimize the threat.
The type of phones that don’t have face-unlock, are probably at lower risk of being stolen. But good suggestions for those devices where it’s mandatory to enter a pin.
It appears the biggest problem is the owner of the phone don’t ever give your phone to a stranger. Keep updating your phone in a regular basis
No. The biggest problem is our criminal justice system go easy on criminals. Plus, iPhone owners should be able to go to an Apple store to change their iCloud account.
The biggest problem is Apple allowing someone to add a FaceID without asking for the user's AppleID password and their optional "fix" is a geolocation measure buried in the Settings instead of just asking for the user's AppleID password.
No doubt the users were at fault too but Apple's "security" is severely lacking and their optional fix is not good enough in my opinion.
I don't give no one my phone
This guy is smart enough to have started an honest business that helped people. To bad he didn't find better options.
He used to get 20k a weekend
Theres also the possibility to lock password changes and iclout changes in screentime -> content & privacy restrictions where you can lock different things. That was there already for some time and its basically to restrict children. But can easily be used as precaution for thiefs (or against repairshop people) aswell 🤷♂️
Thanks for this important information. I was able to go in and lock everything I needed even my wallet
Thais is amazing, thank you so much!
Don't be dim your phone is not
Smart neither are you
But the hacker is to a degree
He already has all the information
To hack your information even
Child mode do not be silly
Stop online phone banking payment systems being hacked
You can't see
Being robbed you can see and feel
Thanks for this
You also need to enable Content and Privacy Restriction under Screen Time. This will lock access to your appleid as it will be restricted by a secondary pin.
I mean, sure, if you hate your life lol. You have to go all the way back to screen time, put in the passcode, get to where to turn it off, then go back to the Apple ID settings. Then do it all again. I know, I’m being dramatic, but there is a simpler way. Don’t put your passcode in when others may be able to watch you do it. Be more careful. However, if you’re not going to be more careful, I suppose your way works too.
And turn on 2-factor authentication!
@@mattbrown8139 bro what? I’ve been doing this screen time content & privacy restrictions for two years and the only time I ever needed to unlock it was to change iCloud billing info, maybe two times
This will not protect you. It only slows down the attacker. Screen time code can be changed by a thief using the device passcode and a request to change it
@@nnjjee1how are they able to request to change it? Isnt the screen time pass code diff than the device passcode ?🤔
He said he was homeless and started having kids . That was a smart move.😂
My eyes got so wide when he said that!!!
thats why andriod are alot safer with fingerprint sensors and also needs a password and code
Theyre safer cos of theyre poor resale value
Dude is going to learn the new tricks when he gets out
What do you mean when he gets out? He's already learning the new tricks INSIDE prison lol
Stop being so negative, He will get a normal job and become a better person if someone gives him a chance.
Just like there's no jobs for homeless people, there's no jobs for convicts. OFC he won't change his ways. Even if he wanted to, he doesn't have any options if he wants to earn a living. Some people can make good choices because good choices are available to them. Other people are forced to make bad choices because there are no good ones. Would he make a good choice if offered? We don't know.
Why can’t Apple add security questions as well. doing all these resetting outside and stuff. That’ll be a great idea.
Why. They gets tons of extra sells with this.
That and ONLY allow biometrics to open banking apps, otherwise requesting the banking password specifically. Also, using biometrics to open the settings as an option.
@@nylotical only allowing biometrics to open apps is also a security issue; security is not a single "lock" mechanism. The idea of cybersecurity is to have layers of security. Way to show you do not know about security.
nooooo no no more security questions pita to the legit user
I'd be surprised if most people actually remember most Security Questions they set up for any service, let alone Apple IDs.
This is still baffling me. Apple was allowing phones to be reset and FaceID to be added *without asking for the Apple ID password, just the device's Pin number.* That's INSANE.
And their "fix" is LAZY AF.
That would solve majority of issues. That or setting up a different passcode for those things
Most people store their Apple ID password in the notes app. He would get it from there, still not a complete fix.
Apple knows their user base. Those people can't remember more than one password.
Also they were giving out their passcode to strangers. No amount 6 of security can save those people.
@@RightySnipeZ That would not be Apple's fault. The lax security around FaceID is.
@@RightySnipeZwhy would I store that in my notes app. My brain still works mate.
I was in absolute tears hearing that man leave the message for that scammer. You have my total respect and god bless you 𝗛𝗼𝗻𝗲𝘀𝘁𝘆𝗯𝗮𝘀𝗲𝘁𝗲𝗰𝗵 for helping as many people as you can. It seems so crazy that people fall for these things but then again, the elderly were raised in a different time before computers and before online scammers. I hope through your channel that more people reject these morons from India and tell them where to go. Thanks again!
This guy is actually crafty, if not smart. There are people like this everywhere. They are on 24/7.
no regrets this man has.
You no longer have to be homeless. You can always live in prison like this guy!
With three square meals!
So he'd never come out even after 90 months
And never see his family when he wants!
@@robkennedy5906yeah on tax payer money. They need to bring gulags back in business.
Vulnerability? Are you serious ? If you give your keys to someone else, is that also a vulnerability?
Providing key : Vulnerability Stage I
Device theft : Vulnerability Stage II
Emotional Collapse : Vulnerability Stage III
The phone lock screen passcode is not the account password.
You shouldn't be able to change anything meaningful using the lock screen passcode of any device.
With the account password, a security code sent to text, email, or anything like that, yes. With a lock screen passcode or pattern, never.
This is beyond obvious.
@@RockoStarrYou The ability to change ones account ID password is a convenience factor that solves another problem of users forgetting their account passwords. The ability to change this password with device passcode was implemented to prevent the occasional circumstances of people getting locked out of their Account forever because they couldn't remember their password. And I can bet this happens exponentially more than someone stealing both device and passcode.
It all boils down to user awareness and carefulness than saying this is "Apple's vulnerability," which is not!
@@wisdomyaw03Let's not act like "Forgot your password?" hasn't been a method for effectively recovering accounts for a long, long time.
I agree that recovery through passcode shouldn't be presented as Apple's vulnerability though. It ultimately lies on the user, but it IS fair to say it's easier to exploit.
@@RockoStarrYou I'm not arguing against how easy it is to exploit like in this video. But, again, that "exploit" starts with the user. So I wouldn't say it is "Apple's vulnerability". It's a matter of balancing security with convenience.
Another way around this do this, go to Settings -> Restrictions -> Content and Privacy Restrictions -> In the allow changes section you can disable Allow Passcode changes and Account Changes
General rule of thumb is to never share your passcode with anyone except trusted sources. Family, loved ones, business partner, etc. It's too risky otherwise.
What a wonderful human being
For real. I'm still trying to figure out who was paying such a high price for these phones! Like when he said he would sell the Pro Mac for $950 all I was thinking was "to who?!" I used to buy phones off Craigslist and knew at least 50% of them were probably stolen or fraud but there's no way to know until like a week after you buy them. For that reason I would buy a phone like that for MAYYYBE $400 and tell him there is no way for me to know if it's a bad ESN or not until it's too late and the only way I could purchase the phone is if I could ship it to China and make $100 on it if I'm lucky. Even then the buyers are usually trying to find a way to get the phone for free from you so it's just not worth it most of the time.
Worst part is, places like T-Mobile will actually let you activate the phone and then disconnect service and won't refund you if that happens. Happened to me. I bought a phone that was apparently on a contract but T-mobile didn't tell me that but they said all was good. I activated it and at the 2 month mark on my 3rd payment it was disconnected. Couldn't even call customer service. Finally I was told that the phone was behind on payments. I asked how much and they wouldn't tell me. I asked if I could just pay the remainder and they said no. Ridiculous.
Thankfully dude owned a store at the mall and he tried to give me the runaround til I told him I was calling the cops.
“But first, they gotta hire me” What a guy
Next generation watching and learning.
So the vulnerability in apples software is the user giving their pin to the thief?
No, thief sees you type in 6 digit passcode. Then snatches your phone and run (or secretly steals/pickpockets you). Then a few minutes later, you are locked out of your own Apple account as thief changes password. All that's needed is 6 digit passcode to have full control over your entire digital life. Watch their 1st video to understand.
There is no technology to protect the weakest link... clueless users.
"When you get out are you gonna forget about this trick..."
"There's gonna be new tricks out..."
😂😂😂 Lol this dude is a menace and clearly can't wait to get back to work
Yo people be acting like phones ain't the most personal thing you carry around, you gotta be mad careful with it and people can't be trusted.
Ive got my iphone stolen 2 months ago. It was one of the most devastating things happened to me in the last few years. Not only about the 1200 buvks that it cost but all my info/passwords/2factor authentication, etc was through my phone. I didnt know how vurnalable I'd became without the phone. Its crazy...still having some issues that related to it.
That’s why iCloud is a thing and erasing stuff from it is via iTunes and other devices
@@Tsukino1011 I'd say it is more a case of no longer being able to log into many things because you've lost the sole device you used for storing your passwords and two-factor codes. I have alternatives, but I think some people rely on a single device.