• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Hackers Use "Find My iPhone" to Lockout and Ransom iOS and Mac Device Users


    Mac and iOS device owners in Australia recently woke up to find their machines locked by Find My iPhone with the hackers responsible demanding payment via PayPal before they return control. A report from Australia’s The Age, as well as multiple posts on Apple’s Support Communities forum, confirmed a number of device owners were targeted in what appears to be a string of related “digital hijackings.” iPhone, iPad and Mac owners in Queensland, New South Wales, Western Australia, South Australia and Victoria have been affected by the attack.

    People targeted in the attack said their devices alerted them to a “Find My iPhone” or “Find My Mac” remote lock, with many receiving an accompanying message reading “Device hacked by Oleg Pliss.” The hackers responsible ended up directing owners to pay up to $100 for a device unlock.

    Based on the reports, the hackers appear to have gained access to users’ iCloud accounts as multiple devices show the same message simultaneously. It’s unclear how this feat was accomplished though password reuse is a likely scenario. Savvy owners who set an access passcode for their computer or iOS device were able to regain control of their device following receipt of the message. Limited by design, Find My iPhone’s functionality only allows users to set a password for device that don’t already have one logged.

    Those owners who didn’t’ set a passcode prior to the hack were reportedly unable to take back their devices. Apple provides a support page that offers a workaround to the issue, though some users may have to contact customer support to completely solve the problem. Along with protecting the device, owners can set up two-factor authentication, which sends a confirmation code to a trusted device before any account changes can be made.
    Were you affected or do you know someone who was?

    Source: Apple (Support), The Age
    This article was originally published in forum thread: Hackers Use "Find My iPhone" to Lockout and Ransom iOS and Mac Device Users started by Akshay Masand View original post
    Comments 7 Comments
    1. znbl's Avatar
      znbl -
      This is a great example of more security actually making one less secure and more vulnerable. I can see how "Find My" services can normally be useful but people don't realize how dangerous it can be in how it can be used as a backdoor.
    1. Zokunei's Avatar
      Zokunei -
      This is why Apple has two-step verification for any time a new device tries to access your Apple ID along with Find My iPhone. Plus, I can't imagine why someone would set up Find My iPhone without putting a passcode on their phone. Taking these measures whenever you enable Find My services should be a requirement though.
    1. znbl's Avatar
      znbl -
      @Zokunei That fine and all, but obviously it's been cracked (for both Mac computers and iDevices.)
    1. Zokunei's Avatar
      Zokunei -
      Quote Originally Posted by znbl View Post
      @Zokunei That fine and all, but obviously it's been cracked (for both Mac computers and iDevices.)
      The article says this only affected people who didn't set a passcode. Two-step Apple ID verification might have stopped their iCloud accounts from getting hacked in the first place, but I'm not sure if that is the case because it doesn't say if people who had verification enabled were hacked or not. I'm saying that Apple messed up by not making these extra steps a requirement for enabling Find My.
    1. luvmytj's Avatar
      luvmytj -
      Quote Originally Posted by znbl View Post
      This is a great example of more security actually making one less secure and more vulnerable. I can see how "Find My" services can normally be useful but people don't realize how dangerous it can be in how it can be used as a backdoor.
      Re-read the story as you must not of understood it.
    1. Cokeman's Avatar
      Cokeman -
      This is why people should not use a email address as a user name. Especially when using the same password that's used for iCloud.
    1. znbl's Avatar
      znbl -
      Quote Originally Posted by Zokunei View Post
      The article says this only affected people who didn't set a passcode. Two-step Apple ID verification might have stopped their iCloud accounts from getting hacked in the first place, but I'm not sure if that is the case because it doesn't say if people who had verification enabled were hacked or not. I'm saying that Apple messed up by not making these extra steps a requirement for enabling Find My.
      You're right about the passcode not being set, but why does this let one take over a Mac as well, which doesn't have an iOS-like passcode, but local user accounts instead?