Results 1 to 8 of 8

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Hackers Use "Find My iPhone" to Lockout and Ransom iOS and Mac Device Users

  1. #1
    What's Jailbreak? Akshay Masand's Avatar
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    5,897
    Thanks
    3
    Thanked 200 Times in 179 Posts

    Default Hackers Use "Find My iPhone" to Lockout and Ransom iOS and Mac Device Users


    Mac and iOS device owners in Australia recently woke up to find their machines locked by Find My iPhone with the hackers responsible demanding payment via PayPal before they return control. A report from Australia’s The Age, as well as multiple posts on Apple’s Support Communities forum, confirmed a number of device owners were targeted in what appears to be a string of related “digital hijackings.” iPhone, iPad and Mac owners in Queensland, New South Wales, Western Australia, South Australia and Victoria have been affected by the attack.

    People targeted in the attack said their devices alerted them to a “Find My iPhone” or “Find My Mac” remote lock, with many receiving an accompanying message reading “Device hacked by Oleg Pliss.” The hackers responsible ended up directing owners to pay up to $100 for a device unlock.

    Based on the reports, the hackers appear to have gained access to users’ iCloud accounts as multiple devices show the same message simultaneously. It’s unclear how this feat was accomplished though password reuse is a likely scenario. Savvy owners who set an access passcode for their computer or iOS device were able to regain control of their device following receipt of the message. Limited by design, Find My iPhone’s functionality only allows users to set a password for device that don’t already have one logged.

    Those owners who didn’t’ set a passcode prior to the hack were reportedly unable to take back their devices. Apple provides a support page that offers a workaround to the issue, though some users may have to contact customer support to completely solve the problem. Along with protecting the device, owners can set up two-factor authentication, which sends a confirmation code to a trusted device before any account changes can be made.
    Were you affected or do you know someone who was?

    Source: Apple (Support), The Age

    Twitter: @AkshayMasand

  2. #2
    This is a great example of more security actually making one less secure and more vulnerable. I can see how "Find My" services can normally be useful but people don't realize how dangerous it can be in how it can be used as a backdoor.

  3. #3
    Super Moderator Zokunei's Avatar
    Join Date
    Jun 2010
    Location
    Michigan
    Posts
    7,526
    Thanks
    690
    Thanked 945 Times in 709 Posts

    Default Hackers Use "Find My iPhone" to Lockout and Ransom iOS and Mac Device Users
    This is why Apple has two-step verification for any time a new device tries to access your Apple ID along with Find My iPhone. Plus, I can't imagine why someone would set up Find My iPhone without putting a passcode on their phone. Taking these measures whenever you enable Find My services should be a requirement though.
    Last edited by Zokunei; 2014-05-28 at 08:11 PM.

  4. #4
    @Zokunei That fine and all, but obviously it's been cracked (for both Mac computers and iDevices.)

  5. #5
    Super Moderator Zokunei's Avatar
    Join Date
    Jun 2010
    Location
    Michigan
    Posts
    7,526
    Thanks
    690
    Thanked 945 Times in 709 Posts

    Default Hackers Use "Find My iPhone" to Lockout and Ransom iOS and Mac Device Users
    Quote Originally Posted by znbl View Post
    @Zokunei That fine and all, but obviously it's been cracked (for both Mac computers and iDevices.)
    The article says this only affected people who didn't set a passcode. Two-step Apple ID verification might have stopped their iCloud accounts from getting hacked in the first place, but I'm not sure if that is the case because it doesn't say if people who had verification enabled were hacked or not. I'm saying that Apple messed up by not making these extra steps a requirement for enabling Find My.

  6. #6
    I'm addicted to jailbreak luvmytj's Avatar
    Join Date
    Jul 2008
    Location
    New York
    Posts
    843
    Thanks
    32
    Thanked 112 Times in 83 Posts

    Quote Originally Posted by znbl View Post
    This is a great example of more security actually making one less secure and more vulnerable. I can see how "Find My" services can normally be useful but people don't realize how dangerous it can be in how it can be used as a backdoor.
    Re-read the story as you must not of understood it.

  7. The Following User Says Thank You to luvmytj For This Useful Post:

    znbl (2014-05-29)

  8. #7
    This is why people should not use a email address as a user name. Especially when using the same password that's used for iCloud.

  9. The Following User Says Thank You to Cokeman For This Useful Post:

    znbl (2014-05-29)

  10. #8
    Quote Originally Posted by Zokunei View Post
    The article says this only affected people who didn't set a passcode. Two-step Apple ID verification might have stopped their iCloud accounts from getting hacked in the first place, but I'm not sure if that is the case because it doesn't say if people who had verification enabled were hacked or not. I'm saying that Apple messed up by not making these extra steps a requirement for enabling Find My.
    You're right about the passcode not being set, but why does this let one take over a Mac as well, which doesn't have an iOS-like passcode, but local user accounts instead?

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •