If you can compromise the iCloud account of an iOS user (pretty sure iOS 2fa is only SMS based), then you can install google authenticator on your own device.
I'm sure it's more complicated than that in reality, but if you have SMS access, you only need to find one weak link in the chain including iCloud/google, email provider, app provider, etc.
chatmasta|8 years ago
I'm sure it's more complicated than that in reality, but if you have SMS access, you only need to find one weak link in the chain including iCloud/google, email provider, app provider, etc.
15155|8 years ago
You sure can, but will you then have the requisite TOTP secrets?