Hackers Remotely Locking Some Macs and iOS Devices in Australia for Ransom

Discussion in 'iOS Blog Discussion' started by MacRumors, May 26, 2014.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    A number of iOS and Mac users in Australia are reporting a growing issue on Apple's support forums (via The Age) in which hackers are locking iPhones, iPads and Macs remotely through iCloud. Compromised devices are also displaying warning messages offering unlocks for money.

    [​IMG]
    A hacker's message on a compromised iMac (via The Age) ​
    Member veritylikestea on Apple Support Communities:
    Member Sei_L on Apple's forums also reports a similar message:
    IT security expert Troy Hunt commented on the specifics of the issue, stating that the hackers are likely using compromised data exposed from recent security breaches to login to iCloud accounts. Hunt also notes that the accounts hacked were likely not using two-step verification, suggesting that a single password would have not had granted access had the feature been turned on.

    Apple has yet to officially comment on the issue, although users are encouraged to turn on two-step verification for their Apple ID with directions available on a support page.

    Article Link: Hackers Remotely Locking Some Macs and iOS Devices in Australia for Ransom
     
  2. macrumors member

    surfingarbo

    Joined:
    Jun 12, 2011
    Location:
    Calgary, AB, Canada
    #2
    Sigh, I wish my devices were hacked. It would force me to actually go outside and admire real life.
     
  3. macrumors 6502

    somethingelsefl

    Joined:
    Dec 22, 2008
    Location:
    Tampa, FL
    #3
    I setup Apple's 2-step a while back...but why isn't 2-step on ALL Cloud services?
     
  4. macrumors 6502a

    EdgardasB

    Joined:
    Apr 14, 2014
    Location:
    Lithuania
    #4
    Emmm what for those countries which isn't supported with Apple iCloud two-step verification? -.-' iCloud keychain sms verification works for my country like Google, Hotmail, dropbox and etc while Apple don't give a ***** about iCloud two-step...shame
     
  5. macrumors 6502a

    Ludatyk

    Joined:
    May 27, 2012
    Location:
    Texas
    #5
    I'm on the 2-step password verification... but I was under the impression that if I logged under "iCloud.com" to check my email. I would be prompt to have a secondary security check.

    But the 2-step password verification only works for appleid.apple.com.. as far as I know. I have 2 step verification with Google, Microsoft & Dropbox and all them have some form of secondary check with their logins.

    Is "icloud.com" separate from the 2-step verification?
     
  6. macrumors 68040

    haruhiko

    Joined:
    Sep 29, 2009
    #6
    Using a different password for possibly insecure websites is very important.
     
  7. macrumors 603

    Joined:
    Sep 19, 2003
    #7
    The verification only happens when you set up a new device, you change your account info (i.e log in to applied.apple.com) or when you forget your password.
     
  8. macrumors 6502a

    stiligFox

    Joined:
    Apr 24, 2009
    Location:
    10.0.1.3
    #8
    This has me very worried. I'm mostly concerned to see how they got in -- via guessing from a password from another site or from Apple's servers (however unlikely that maybe).

    It's late where I am, and when I'm tired I tend to overreact about things, but this makes me think twice about using Keychain/Find My Mac!

    This is all the things that's wrong with cloud stuff -- when we have the possibility to loose even 5% of the control over our device, it becomes very insecure. Having my data held for ransom is not on the top of my bucket list...
     
  9. macrumors newbie

    Joined:
    Feb 14, 2014
    Location:
    Australia
    #9
    This is so nerve wracking. Especially since I live in Australia. I'm not sure what actions that apple can take to rectify this issue, perhaps they will provide a software update?

    So really no one is safe, even if you have a password prior to it being hacked?
     
  10. macrumors 6502a

    Joined:
    Aug 26, 2012
    #10
    Like ebay? I think that using different passwords for all purposes is important.
     
  11. macrumors regular

    Joined:
    Aug 28, 2003
    Location:
    Zurich, Switzerland
    #11
    Please be reminded that 2-step verification is available to a very limited number of countries only.
     
  12. macrumors 6502

    Joined:
    Jul 22, 2009
  13. macrumors 6502a

    Joined:
    Apr 22, 2005
    #13
    It's still the sixth largest country in the world.
     
  14. macrumors 603

    ChazUK

    Joined:
    Feb 3, 2008
    Location:
    Essex (UK)
    #14
    This article just reminded me to update all of my 2 step authentication details.

    2 old phone numbers and various devices I no longer own linked to my account. Luckily I had my master key hand to do so.

    All done!
     
  15. macrumors regular

    Joined:
    Dec 2, 2010
    #15
    it's alright, hackers are usually very negative people which will in turn affect their health they will die off soon enough.
     
  16. macrumors 6502a

    Joined:
    Aug 26, 2012
    #16
    There have been a few high profile data breaches of (non-apple) sites lately. Most likely that data has been used to do this. No update can fix that. Just change your passowords, use different passwords from different sites, and where possible dont give custom to companies who dont respect your personal data, like ebay.
     
  17. macrumors regular

    Joined:
    Jan 26, 2014
    #17
    Maybe it would be best if such idiots didn't have passwords like 'password123' then whine when someone hacks then. Honestly, I wish there was a fine for those idiots who choose stupid passwords and then find themselves hack - $1,000 fine would be a good incentive to stop people from being idiots.
     
  18. macrumors member

    Joined:
    Apr 10, 2012
    #18
    I am afraid that they will have access to all the passwords saved in iCloud Keychain.
    My country doesn't have 2-step verification #.
     
  19. APlotdevice, May 26, 2014
    Last edited: May 26, 2014

    macrumors 68030

    APlotdevice

    Joined:
    Sep 3, 2011
    #19
    I think these schmucks should be aquatinted with some of Australia's indigenous fauna as punishment.

    Not really: NA is 24.3 million square kilometers, whereas Australia is only 7.6 million square kilometers. Now if you meant the continental US, then yes, it is pretty close (e.g. 7.7 million square kilometers (if you only count land)).
     
  20. macrumors 6502

    Joined:
    Apr 3, 2009
    Location:
    London, UK
    #20
    There should also be a fine for presumptuous posts made by idiots who think they're somehow superior to people they know nothing about.
     
  21. macrumors 6502a

    Truffy

    Joined:
    May 9, 2005
    Location:
    somewhere outside your window...
  22. macrumors 68000

    Parasprite

    Joined:
    Mar 5, 2013
    #22
    Checks out on Wikipedia by area as roughly: USA - Alaska = Australia
     
  23. macrumors 6502

    Joined:
    Jun 8, 2011
    #23
    Yea, I implied continental US.
     
  24. macrumors 6502

    7thson

    Joined:
    May 13, 2012
    Location:
    Six Rivers, CA
    #24
    I'd be more freaked out if this was happening in multiple countries. It just being in Australia suggests that the security breach is localized and the victims probably had redundant logins and passwords. We'll see, hopefully. I'm glad I ponied up for 1 Password recently. It's kind of a hassle on iOS but it's worth it.
     
  25. macrumors member

    Joined:
    Jan 10, 2006
    #25
    Belgium has no Apple Store and apparentely also no 2-step verification. Come on...
     

Share This Page