Iphone attack/hack? I was asked for name, number and IMEI

[jubalix]

Ok so I went to get my iPhone screen repaired at one of those smaller shops (not apple).

After repairing my Iphone, with a new screen the lady asked me for

my Name

my Phone number

my IMEI

I Said why? she said for our repair records.

So I gave her my name and my phone number but a fake IMEI (out by a few random digits as I read them out)


Is it possible with a Name and Phone number and IMEI to fake your iPhone download google authenticator, or authy, and get into your Binance wallet accounts?

Can they get all the apps downloaded that you have on their faked phone?


Does this seem really sus? for what reason does she need that info.

Will I be safe having given a fake IMEI?


I had a total brain fart I usually never give out details.

[1714794279]

1714794279

[1714794279]

1714794279

[1714794279]

1714794279

[ranochigo]

Is it possible with a Name and Phone number and IMEI to fake your iPhone download google authenticator, or authy, and get into your Binance wallet accounts?

Not that I know of. Google Auth, Authy operates independent of your IMEI and it should be impossible for anyone to social engineer their way using it as well.

Can they get all the apps downloaded that you have on their faked phone?

No.

Does this seem really sus? for what reason does she need that info.

Will I be safe having given a fake IMEI?

Most countries usually use IMEI as a way to track and identify any possible stolen phones. It is perfectly reasonable and possibly within the guidelines for them to ask for your IMEI. IMEI number has a checksum so they should know if it's invalid if they try to check.

[o_e_l_e_o]

So I gave her my name and my phone number but a fake IMEI (out by a few random digits as I read them out)

My experience of these places is that they ask you to unlock your phone or remove your screen lock PIN/password/biometrics when you hand it over to them. Did you do this? If you've handed your unlocked phone over to them, then they can already have your IMEI and access to your 2FA codes.

Is it possible with a Name and Phone number and IMEI to fake your iPhone download google authenticator, or authy, and get into your Binance wallet accounts?

With a name and phone number, they cannot replicate your Google Authenticator, but they might be able to replicate your Authy if that's what you use. Authy store all their codes on their servers, and so if someone can convince Authy they are you (perhaps by spoofing your phone number or executing a SIM swap attack) then they could access all your 2FA codes and therefore attempt to hack your exchange accounts. This is the main reason you should not use Authy.

If you ever hand your phone over to anyone else for repair or anything else, then you should export all your data to a back up and then wipe it before you hand it over. Do you also have exchange apps such as Binance on your phone? Do you also have an email app which is always logged in to which they could have received password reset emails?

[jubalix]

So I gave her my name and my phone number but a fake IMEI (out by a few random digits as I read them out)

My experience of these places is that they ask you to unlock your phone or remove your screen lock PIN/password/biometrics when you hand it over to them. Did you do this? If you've handed your unlocked phone over to them, then they can already have your IMEI and access to your 2FA codes.

Is it possible with a Name and Phone number and IMEI to fake your iPhone download google authenticator, or authy, and get into your Binance wallet accounts?

With a name and phone number, they cannot replicate your Google Authenticator, but they might be able to replicate your Authy if that's what you use. Authy store all their codes on their servers, and so if someone can convince Authy they are you (perhaps by spoofing your phone number or executing a SIM swap attack) then they could access all your 2FA codes and therefore attempt to hack your exchange accounts. This is the main reason you should not use Authy.

If you ever hand your phone over to anyone else for repair or anything else, then you should export all your data to a backup and then wipe it before you hand it over. Do you also have exchange apps such as Binance on your phone? Do you also have an email app that is always logged in to which they could have received password reset emails?

Ok so I have disabled that phone as a trusted device for my wallet app.

I have also taken out the email password so that the phone no longer knows or store the email password on the apple server.

They did not ask me to unlock the phone, infact I made sure it was locked before I gave it to them

[ranochigo]

With a name and phone number, they cannot replicate your Google Authenticator, but they might be able to replicate your Authy if that's what you use. Authy store all their codes on their servers, and so if someone can convince Authy they are you (perhaps by spoofing your phone number or executing a SIM swap attack) then they could access all your 2FA codes and therefore attempt to hack your exchange accounts. This is the main reason you should not use Authy.

Authy does encrypt their backups and switching device will require the user to decrypt their accounts again. -> That is if my memory serves me right but I felt that it wasn't easy to get compromised through a sim swap.

If you ever hand your phone over to anyone else for repair or anything else, then you should export all your data to a back up and then wipe it before you hand it over.

Exactly. Most devices can have their encryption bypassed, given enough time or a zero-day exploit.

[Findingnemo]

Ok so I have disabled that phone as a trusted device for my wallet app.

I have also taken out the email password so that the phone no longer knows or store the email password on the apple server.

They did not ask me to unlock the phone, infact I made sure it was locked before I gave it to them

So your wallet and 2FA codes are safe and nothing to worry, I think they might asked you those details for billing purpose and it is impossible to replicate IMEI number because its unique identity for every sim slots so it can be created only once.

[o_e_l_e_o]

So your wallet and 2FA codes are safe and nothing to worry

There is no guarantee of that if he handed his phone over to a third party and left it in their possession for several hours, lock screen enabled or not.

[Findingnemo]

So your wallet and 2FA codes are safe and nothing to worry

There is no guarantee of that if he handed his phone over to a third party and left it in their possession for several hours, lock screen enabled or not.

There are multiple ways to unlock an iPhone without passcode or face Id but I am sure it can't be done with basic details like name and IMEI number. Or am I wrong?

*I hate Apple products...

[MRKLYE]

I'd be wary as hell giving out personal device data like that.. They might try to sim clone attack you given enough info.

[o_e_l_e_o]

There are multiple ways to unlock an iPhone without passcode or face Id but I am sure it can't be done with basic details like name and IMEI number. Or am I wrong?

He handed his phone over to a third party and left it in their possession. Maybe he unlocked it in the shop and his PIN was seen by a staff member or recorded on their CCTV. Maybe he used fingerprint unlocking, which is completely stupid since his fingerprints are all over the phone and could be cloned from the phone itself. Perhaps there is some vulnerability which means they can bypass his lock screen. Perhaps they installed some malware on it. Who knows.

If you ever put your phone in for repair, wipe it before you do and wipe it when you get it back. It's the only way to ensure your safety.

[NotATether]

There are multiple ways to unlock an iPhone without passcode or face Id but I am sure it can't be done with basic details like name and IMEI number. Or am I wrong?

You are correct. You must use either your passcode, fingerprint or "Face ID" thing to unlock it. In fact, iPhone gives you 10 attempts to guess the right passcode before it locks you out forever, forcing you to wipe it.

Not to mention that some apps like Microsoft Authenticator force you to authenticate your phone again before you can access the OTP codes. Google Authenticator is not one of them unfortunately, so as you figured, you can't use this information to retrieve Authenticator codes on someone else's phone either (but all bets are off if he gave them the unlocked phone, and to be honest, who the heck needs your phone unlocked just to repair the screen anyway?)

Can they get all the apps downloaded that you have on their faked phone?

They can't do that unless you gave them your Apple ID and password. Hopefully you didn't! 

But even then, they can't get your Authenticator codes because they can't be exported from the iPhone app.  I do not know about Authy though.

Your binance account is definitely safe unless you gave them the login for that or your password manager too (!!!)

[jubalix]

There are multiple ways to unlock an iPhone without passcode or face Id but I am sure it can't be done with basic details like name and IMEI number. Or am I wrong?

He handed his phone over to a third party and left it in their possession. Maybe he unlocked it in the shop and his PIN was seen by a staff member or recorded on their CCTV. Maybe he used fingerprint unlocking, which is completely stupid since his fingerprints are all over the phone and could be cloned from the phone itself. Perhaps there is some vulnerability which means they can bypass his lock screen. Perhaps they installed some malware on it. Who knows.

If you ever put your phone in for repair, wipe it before you do and wipe it when you get it back. It's the only way to ensure your safety.

No I was very careful to lock my phone before I gave it over, still a brain failure though to do so.

anyway, I went back and said I had my phone number and imei really wrong (not just one digit), to some other guy working there and gave them completely wrong ones.

I saw him enter them into his system overwriting the old details. So it seems to be ok. I think they were taking them because people were coming back with a "broken" iPhone screen after they had repaired them and were trying to get a second one reparied for free.

[hugeblack]

IMEI is not a unique number to worry about if you are afraid of hacking. sharing it with others may lead to losing your privacy as it helps in tracking and securing lost or stolen phones.
It is also shared with your service provider which makes tracking the phone easier.
So if you care about your privacy, do not give it to anyone.



Have your phone repaired at a store you trust? otherwise, buy a new phone, especially if you think the data on it is important.
Many file protection methods fail when it comes to physical access to your device.

[COBRAS]

Ok so I went to get my iPhone screen repaired at one of those smaller shops (not apple).

After repairing my Iphone, with a new screen the lady asked me for

my Name

my Phone number

my IMEI

I Said why? she said for our repair records.

So I gave her my name and my phone number but a fake IMEI (out by a few random digits as I read them out)


Is it possible with a Name and Phone number and IMEI to fake your iPhone download google authenticator, or authy, and get into your Binance wallet accounts?

Can they get all the apps downloaded that you have on their faked phone?


Does this seem really sus? for what reason does she need that info.

Will I be safe having given a fake IMEI?


I had a total brain fart I usually never give out details.

YES, IPhones is vulnerables by melware, stealers, etc... But, many of them not ask any info, they get info direcly then you use info in normal conditions and situations...

[jerry0]

I will be going to the apple store to have them install a new battery as my battery is a few years old.  Besides locking the screen with a passcode, what security precautions should one take?  I know there is option to reset your device if you put wrong passcode ten times right?


I do have apps like coinbase/blockfolio and those apps on it.  I am also logged into my gmail/yahoo emails as well when you click on mail.  Do i need to log out of all my emails before i leave the iphone at the apple store since they usually take a bit over an hour or two to replace the battery?


A while back i went to apple store to do battery replacement and i came back and got my phone... i did passcode lock it... but i did not put something like after ten attempts, it resets etc.  So how would you handle going to apple store when getting new battery or repairs then?  I mean obviously if they see you have a crypto wallet they could tell you have coins.

[o_e_l_e_o]

Besides locking the screen with a passcode, what security precautions should one take?

Well, that depends on how paranoid you want to be, how much sensitive data you have on your phone, how much bitcoin you are storing in mobile wallets, and so on.

Is locking the screen enough? Maybe. Some might say probably. Is it 100% safe though? No.

If you want to be as safe as possible, then you need to back up everything on your phone to some offline storage device, perform a factory reset, and ideally write junk data over all the empty space on your phone's storage. When you get your phone back, again you should factory reset it before recovering from your back up.

Is that overkill? Maybe. But at least you know it is safe.

Even better, in the future stop buying overpriced Apple products that don't even let you replace the battery.

[NotATether]

and ideally write junk data over all the empty space on your phone's storage.

There's no way to do that on iOS unless you jailbreak your phone and SSH to localhost but even then there's no guarantee you can write random data without deleting the partitions and bricking the device.

[jerry0]

I don't have crypto on my iphone.  But i am logged into my gmail/yahoo email and also have apps like coinmarketcap etc.  Thus wouldn't want an employee to see these apps if you know what i mean.


But as long you password lock it and make sure you reset it after ten passcode attempts, that should be good right?  Again i would go there only to have them replace a new battery for my old iphone etc.