Background 

The Apple infrastructure, Apple ID, is a suite of proprietary processes and applications supporting and enabling exclusive and secure communication between Apple devices (iPhone, iPad, MacBook, and other Apple products). Apple ID, including the iCloud and iTunes, is an account-based identity management tool that synchronizes devices across a family or user’s private account allowing the sharing of files, applications, music, payment method, and other services between devices on a unified account. 

How does it work? 

Think of the Apple ID as a physical cable connected network. All devices on the account are connected, can communicate and share assets among themselves,  and can even locate the geographical position of all other connected  devices no matter where across the globe they are located. Understanding this unique connectivity is crucial to understanding the capabilities of a user with access to the iCloud account using the common account credentials. Particularly interesting is the “Find my iPhone” application which provides the location of any device on the account within less than five meters accuracy. This app is so accurate that users often use the app to find where in their own house a lost device may be located. Additionally, the Apple ID lists all devices that have been on the account and any changes and new devices added to the account.  

IMessage 

Though not dependent upon the Apple ID, iMessage is another unique feature of the Apple Infrastructure. When one Apple  device sends a text message to another Apple device, that message is transmitted within the Apple Infrastructure using proprietary encryption. This increases the security of such messages (known as Short Message Service or SMS) and is displayed in a blue bubble to show its security. Other messages outside the Apple Infrastructure are displayed in a green bubble to indicate the recipient is outside the Apple Infrastructure. In  some cases, where the Apple Infrastructure itself is not reachable,  iMessage is disabled and all SMS texts are sent outside the Apple Infrastructure. Other features are shared among Apple devices but not to those with non-Apple devices such as screen effects, text effects, animojis, and more. This information is included to reinforce the concepts of the unique capability of the Apple Infrastructure 

How do Cyber Harassers and Stalkers Exploit Their Victims Using Apple ID? 

A cyber harasser or stalker who has the iCloud account credentials (username and password) is able to log into the tool and immediately sees all devices, their phone numbers, name of the phone (E.G. Jane’s iPhone 8, George’s iPad, Jennifer’s iPhone 7, Jennifer’s iPhone 7 New, etc.), and each device’s current location in real time. This accomplished, they can also view texts, add text sharing with other devices, know the location of their victim, and know new phone numbers installed on existing or added devices. They are able to meet their victim or monitor their activity and communications. Passwords stored on a  connected iPhone can be accessed and apps, including banking,  healthcare, and other sensitive information is laid bare for the malicious actor. Every detail of a victim’s communication, location, finances, health information, and current activities is open to a cyber harasser or stalker. The vulnerabilities of the victim are clear when you understand how this system works and how it can be exploited.