SecureMac, Inc.

Checklist 351: 2FA, DNA, Heavy Hacks, and Knock-Offs

November 9, 2023

Fake Apple products worth $400,000 seized in California, Apple warns of state-sponsored hacking attempts, and genealogy companies mandate two-factor authentication after 23andMe breach.

Checklist 351:2FA, DNA, Heavy Hacks, and Knock-Offs header images with red text over white background

Checklist 351: 2FA, DNA, Heavy Hacks, and Knock-Offs

Counterfeit Apple Products Seized Worth $400,000, Exposed for Poor Quality

A recent discovery sheds light on the abysmal quality of knock-off Apple AirPods, reinforcing warnings against counterfeit goods. In a summer exposé, a bust in California intercepted imitation Apple products valued at $400,000, originating from Hong Kong. The confiscated haul included 220 fake wrist wearable devices and 1,200 pairs of wireless headphones.

Back in August, the risks of buying knock-offs were highlighted: disappointment for recipients, potential malfunctions, and safety concerns due to substandard manufacturing. This week, a firm called Lumafield conducted a CT scan on fake AirPods, revealing their inferiority. Lumafield’s Jon Bruner shared images on Twitter, exposing the fakes’ shortcomings compared to authentic AirPods.

The knock-offs displayed poor craftsmanship, with inferior component connections, sloppy soldering, and substandard materials. They featured a single off-the-shelf microphone, contrasting with Apple’s three higher-quality mics. The case quality was notably inferior, lacking magnets and offering only one battery. Shockingly, to imitate the weight of genuine AirPods, the counterfeit cases were equipped with added weights.

While the scan didn’t address sound quality or Bluetooth performance, it reinforced that knock-offs lack essential features like compatibility with Apple services, including Find My and the virtual assistant. Buyers deceived by these counterfeit goods might end up disappointed and even risking their safety.

Consumers are strongly advised against purchasing fake products, emphasizing the importance of authentic, quality-tested items that come with warranties and manufacturer support. The caution extends beyond AirPods to encompass other Apple accessories like smartwatches and styli.

The report underscores the importance of steering clear of knock-offs and suggests referring to a previous podcast episode, “Checklist 341 – Fake Goods and Student Loan Scams,” available at and various podcast platforms.

For further details, the full story is available at AppleInsider: Scans Reveal How Counterfeiters Fake AirPods with Cheap Components.

Apple Alerts Users of State-Sponsored Hacking Attempts in India and Armenia

In a recent turn of events, Apple has issued alerts to iPhone users in both India and Armenia, warning of potential state-sponsored hacking attempts. This move comes amidst growing concerns and speculations regarding government-linked cyber threats.

Just a week after addressing state-sponsored attacks targeting journalists and political figures in India, Apple has now issued similar warnings in Armenia. The alerts indicate a potential threat of Pegasus spyware, which, as reported by local sources, may have been deployed by the Azerbaijani government in the past.

The Cupertino tech giant has maintained a cautious stance, highlighting the possibility of these notifications being false alarms while emphasizing the need for users to take precautionary measures. Apple has refrained from specifically attributing these potential attacks to any particular entity or confirming the usage of NSO Pegasus.

The situation raises speculation over the intentions behind these suspected attacks—whether they stem from the governments of these nations or external actors. This ambiguity reflects the challenging position Apple finds itself in, particularly concerning its business endeavors in these regions and its cooperation with the local administrations.

The company has provided recommended steps for users to safeguard their devices against such potential threats, echoing previous discussions on security measures featured in past episodes of the Checklist podcast.

This development underscores the escalating concerns surrounding state-sponsored cyberattacks and the significance of reinforcing device security measures. For more details on this story and related security measures, visit the full article on AppleInsider.

Stay tuned for further updates as this story unfolds, highlighting the complexities faced by tech giants like Apple in navigating diplomatic, security, and business relations in various global landscapes.


Genealogy Companies Mandate Two-Factor Authentication After 23andMe Data Breach

In response to the recent 23andMe data breach, genealogy giants like 23andMe, Ancestry, and MyHeritage are rolling out mandatory two-factor authentication (2FA) for user accounts. The breach, involving hackers gaining access to user data through credential stuffing, emphasized the importance of unique passwords and the vulnerabilities of reused credentials. 

The breach exposed a critical flaw in the genealogy site’s functionality. Users opting for likely genetic matches unwittingly became entangled in potential security threats. Even users with strong, unique passwords were affected if their accounts overlapped with those vulnerable to hacking.

23andMe, acknowledging the urgency of enhanced security measures, announced the enforcement of a second step of verification for all customers signing into their accounts. Meanwhile, Ancestry pledged to implement mandatory 2FA by the year-end, and MyHeritage indicated a forthcoming rollout of the security feature.

Two-factor authentication, a security protocol necessitating two forms of identification for access, has gained prominence as a safeguard against such breaches. It typically involves a combination of a password with a biometric identifier, an app-generated code, or a physical device authentication.

While these measures are a positive step forward, the urgency for their implementation remains a concern. As genealogy companies gradually enforce 2FA, the gap between the current vulnerability and enhanced security measures raises apprehensions. The swift deployment of mandatory 2FA is crucial to fortify user data against potential breaches and ensure a more secure user experience.


Get the latest security news and deals