#apple-id
Apple account / iMessage / linked-device material — the platform exposure surface.
7 entries.
From the storm
-
Reset Password
The iPhone system prompt that means someone has asked Apple to reset my account password — two buttons, and the whole attack is hoping I tap the wrong one. Frequent at the campaign's start in November 2024 (when I first noticed concerted hacking, and when my hands began to hurt), quiet for the months since, and now — this past month — back, with noticeably more effort behind it.
-
Not Me
A single letter 'E' was sent out of my iMessage account to an unknown number, marked Read, with a reply. I did not send it. The outbound side of the channel — not the inbound — is what makes this different from everything else in this record.
-
Surveillance Glitch
A multi-part session on what I call the surveillance glitch — the observable artifacts that show up when multiple parties surveil the same target with non-coordinating software stacks. Includes three iPhone screenshots showing 'Unknown Part — Camera' (a non-genuine camera in this device), and physical evidence from prior surveillance — a lamp with a drilled-out hole where a hidden camera was, and an office-break-in incident with deleted email-server logs.
-
Bluetooth Proximity
Wi-Fi and Bluetooth back on in the morning after explicitly switching them off. The ~30-foot Bluetooth range narrows the population of who could reach the device. Plus a file-sync application refusing to sync the folders that matter.
From tactics
-
Outbound impersonation
Someone other than the account holder sends messages out of the account holder's own communication channel — iMessage, email, social-media DM — making the recipient believe the account holder sent them. Distinct from phantom account (which uses the holder's number on a third-party service) — this is the holder's own account, used against the holder.
-
Push bombing
Repeatedly triggering a system-level approval prompt on a target's trusted device — for Apple accounts, the "Reset Password" dialog — in the hope that the target eventually taps Approve by reflex, accident, or fatigue. The attacker needs no password; they need one mistaken tap.
From techniques
-
No wireless — eliminate WiFi and Bluetooth from your environment
Every wireless radio in your environment is both an attack surface and a sensor surface. Wire what you can; turn off what you can't. The convenience cost is real and the threat reduction is larger.