Categories
Mobile Syrup

iPhone, Android feature opens security hole that could let someone steal your account

For all the talk of security, iPhones and Android smartphones are both vulnerable to a surprisingly low-tech hack that could leave you locked out of your Apple or Google account, with no access to device-finding tools or your data.

The low-tech hack in question? Thieves just need your smartphone passcode and your smartphone. Both iOS and Android have built-in features that let users change the password for their Apple ID or Google account with just the PIN or passcode used to unlock their phone.

The Wall Street Journal detailed the low-tech hack in a recent report, noting that the feature is intended to make it easier for people to change their account passwords. It works because your smartphone is considered a trusted device.

Moreover, the WSJ shared several accounts of this happening to people, revealing just how easy it can be. Someone snooping over your shoulder could see you tap in your PIN. Then if they steal your smartphone, they could use the PIN to change your Apple ID or Google account password. Once changed, the thief would have access to a trove of personal data and the account owners would effectively be locked out. Even worse, the thief could take advantage of the option to force sign out all devices tied to that account, locking victims out of their accounts on other devices they have.

Coupled with the apps many people have on their phones, thieves could potentially do a lot of damage. The WSJ cited several cases of victims having their bank accounts drained by thieves who took their phones, not to mention the thieves would have access to Apple Pay or Google Pay to make purchases. Some victims reported that Apple Cards were opened in their name and used by thieves.

Finally, with access to the Apple or Google account, the thieves can disable security tools for locating missing devices, ultimately enabling them to wipe and resell the stolen phones.

How to protect yourself

Obviously, all of the above is quite concerning for smartphone owners. Thankfully, there are a few ways people can protect themselves. Most of the advice boils down to avoiding using your passcode in public and relying on biometrics like Face ID or fingerprint unlock instead, though it’s worth noting that there are issues with these unlock methods as well. You can also avoid sharing your passcode and be careful about when you enter it into your phone.

Beyond that, you can strengthen your passcode by making it longer or by switching it to a password instead. Either of these could make it harder for someone to steal by watching you unlock your phone.

Moreover, it’s worth being careful about how you use apps on your phone. For example, don’t enable PIN unlocks for things like your bank app or your password vault. It’s less convenient, but it could hamper a thief’s ability to gain access to sensitive data if they have your passcode.

Source: The Wall Street Journal Via: 9to5Google


Fitbit users will need to sign in with a Google account starting in 2023

Google acquired Fitbit in 2021, but until recently, it would have been easy to miss that the two were partnered up. It was only recently that the ‘Fitbit by Google’ branding rolled out, shortly after the company launched new wearables.

Unfortunately, it won’t stay this way for long.

9to5Google spotted a new Fitbit support website that dives into the details of switching to Google accounts on Fitbit. The short version is that, starting “sometime in 2023,” Fitbit will let users log in with a Google account.

On the surface, it sounds pretty innocent — people will have the option to sign in with their Google account rather than make a Fitbit account. Except, it won’t stay that way. Elsewhere in the document, it says:

“After we launch Google accounts on Fitbit in 2023, some uses of Fitbit will require a Google account, including to sign up for Fitbit or activate newly released Fitbit devices and features.” (emphasis ours)

And if you choose to keep using a Fitbit account, you’ll only be able to do so “for as long as it’s supported,” which Google promises will “continue until at least early 2025.” After that, Fitbit users will be required to use a Google account. The search giant promises to be “transparent” with users about the timeline for ending Fitbit accounts. What do you get for switching to Google accounts on Fitbit? Well, according to the support site:

“Google accounts on Fitbit will support a number of benefits for Fitbit users, including a single login for Fitbit and other Google services, industry-leading account security, centralized privacy controls for Fitbit user data, and more features from Google on Fitbit.”

One upside is that a binding condition imposed on Google for the Fitbit acquisition to proceed bars it from using Fitbit health and wellness data for its ads business. However, it’s worth noting that the condition was imposed by the EU and applies to users in the European Economic Area (EEA). The support doc implies that the commitment applies to all Fitbit users. MobileSyrup has reached out to Fitbit for clarification on this.

Overall, the change isn’t surprising, although it is definitely a bummer for anyone who wanted to keep their Fitbit and Google data separate (technically, it will still be separate since the binding commitments also require Google to keep Fitbit data in a “data silo” separate from other Google data, at least in the EU).

You can read the support document for yourself here.

Source: Fitbit Via: 9to5Google