Hackers Using iCloud's Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Sep 20, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone.

    With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here.


    Apple allows users to access Find My iPhone without requiring two-factor authentication in case a person's only trusted device has gone missing.

    2-factor authentication not required to access Find My iPhone and a user's list of devices.

    Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device.


    The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers.

    Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.

    It's easy to lock a Mac with a passcode in Find My iPhone if you have someone's Apple ID and password.

    To prevent an issue like this, Apple users should change their Apple ID passwords, enable two-factor authentication, and never use the same password twice. Products like 1Password, LastPass, and even Apple's own iCloud Keychain are ideal ways to generate and store new passwords for each and every website.


    Users who have had their Macs locked will need to get in contact with Apple Support for assistance with removing the Find My iPhone lock.

    (Thanks, Eli!)

     
  2. ILuvEggplant Suspended

    ILuvEggplant

    Joined:
    Jul 28, 2016
    Location:
    Los Angeles, CA
    #2
    I liked how he said "y'all"

    "y'all come back now ! yah hear?!"
     
  3. Relentless Power macrumors Penryn

    Relentless Power

    Joined:
    Jul 12, 2016
    #3
    MacRumors quote:

    "Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details."

    And this is exactly why I reconfigure all my passwords for my accounts on a regular basis. Stagnancy can be part of the problem.
     
  4. Mlrollin91, Sep 20, 2017
    Last edited: Sep 20, 2017

    Mlrollin91 macrumors G5

    Mlrollin91

    Joined:
    Nov 20, 2008
    Location:
    Ventura County
    #4
    And always use 2Factor. I don’t buy the second tweet about someone getting hacked with having 2FA enabled. Even if they could guess your password and the security code, your trusted device would still get a notification and you could block access.

    Edit: Apparently FMI is immune to 2FA. My bad.
     
  5. bromosa macrumors newbie

    bromosa

    Joined:
    Sep 20, 2017
    #5
    Bet they're using some stolen Equifax credentials since these folks likely used the same password across multiple accounts.
     
  6. Vol7ron macrumors 6502

    Vol7ron

    Joined:
    Jun 11, 2009
    Location:
    Derry, NH
    #6
    Yup, this happened to me back in June when I installed beta 1 of macOS High Sierra. Frustrating and embarrassing when you're an IT engineer and your own device gets hacked! Had to bring it to Apple and provide proof of ownership before they would remove the lock.

    I had 2 factor enabled, saw that someone was trying to access my account, denied them, and still had my account locked.
     
  7. rctlr macrumors 6502a

    Joined:
    May 9, 2012
    #7
    I don't advertise my icloud login name anywhere, even facetime and imessage do not have my main icloud account address. An alias, yes, but not the main one.
     
  8. miketcool macrumors 6502a

    miketcool

    Joined:
    Jun 24, 2003
    Location:
    California
    #8
    Meh, this is why things live on external drives. If I lost or had my laptop stolen, I'd wipe it and be back up and running in 25 minutes without the hassle.
     
  9. MrGimper macrumors 603

    MrGimper

    Joined:
    Sep 22, 2012
    Location:
    Andover, UK
  10. archvile macrumors 6502

    archvile

    Joined:
    Oct 27, 2007
    #10
    You can access Find my iPhone without needing 2FA authorization. Try it, go to iCloud.com, deny the 2FA request after entering username/password, then click on Find my iPhone at the bottom. This is what happened to these folks.

    An easy solution would be if your account has multiple trusted devices, to require 2FA even when accessing FMI, since it would be highly unlikely you would lose access to all of your trusted devices at once.

    To edit, you can actually access a good bit of things even without the 2FA authorization. You can remove Apple Pay cards and other devices from your iCloud account. I really think Apple needs to reconsider this ability.
     
  11. busyscott macrumors regular

    busyscott

    Joined:
    Sep 29, 2015
    Location:
    California
    #11
    MacRumors, why are you recommending two-factor authentication if you then go on to say you can access Find My iPhone without needing 2FA??

    Here's a better recommendation: turn off Find My Mac until Apple correct course and Find My iPhone requires 2FA.
     
  12. shplock macrumors regular

    Joined:
    Dec 25, 2015
    Location:
    Somewhere in a Galaxy far far away
    #12
    This is why I have absolutely no sympathy for those affected. If you use the same password for multiple sites and do not understand even the basics of security then you deserve to get hacked. This is also why I do not put my Apple ID anywhere on any website and the only people other than myself who know what it is is Apple.
    It is also why I use the most complex lengthy password possible and never use the same password twice anywhere.
    As well as using different email addresses for sites and services.
     
  13. Xavier macrumors 68030

    Joined:
    Mar 23, 2006
    Location:
    Columbus
    #13
    This isn't fun, but could have been avoided if the password wasn't simple or had two factor authentication (preferably both).
     
  14. moz5835 macrumors newbie

    Joined:
    Sep 5, 2007
    #14
    This isn't new. One of our team had this exact thing happen four weeks ago. Had to take his MBP to the Apple Store, where it was kept overnight. The Genius Bar person said that they see two or three of these a day.
     
  15. Nevaborn macrumors 65816

    Nevaborn

    Joined:
    Aug 30, 2013
    #15
    Stop caring as soon as I read they need your account email and password. If they have that no matter what someone does you're screwed.
     
  16. Mlrollin91 macrumors G5

    Mlrollin91

    Joined:
    Nov 20, 2008
    Location:
    Ventura County
    #16
    My bad. I did not know that. Thank you.
     
  17. budselectjr macrumors 6502a

    Joined:
    Oct 6, 2009
    Location:
    Minnesota
    #17
    .....
     
  18. Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #18
    If you already have a password for your Mac, I don’t think you can add one with find my iPhone. I think if you don’t have a password, you then can add one.
     
  19. bbeers macrumors regular

    bbeers

    Joined:
    Dec 14, 2007
    Location:
    Maryland
    #19
    And how would forcing 2FA work if say I misplaced my trusted device, which also happens to be my phone, while on vacation and not near a second trusted device?
     
  20. jpizzle31 macrumors newbie

    jpizzle31

    Joined:
    Sep 20, 2017
    #20
    This is what happened on my iPhone and I had 2 phase Authentication on it.. Apple said they have not seen this before and I must have been messing around with them.. The only way I got it fixed was by taking out my sim and putting it in another iPhone and have it send a code to that phone to unlock the block.. wow..
     
  21. sza macrumors 6502

    Joined:
    Dec 21, 2010
  22. nexesnex macrumors regular

    Joined:
    Sep 18, 2014
    #22
    I know I shouldn't say this, but it's kind of funny.
     
  23. jlc1978 macrumors 68020

    jlc1978

    Joined:
    Aug 14, 2009
    #23
    So Apple can bypass the lock? It makes sense for situations such as this or when a lost or stolen device is recovered.
     
  24. OzyOly macrumors 6502a

    Joined:
    Jun 3, 2009
    Location:
    Melbourne, AU
    #24
    Changed my password and disabled 'Find my mac'. It's all I can do for now I guess.
     
  25. chucker23n1 macrumors 68000

    chucker23n1

    Joined:
    Dec 7, 2014
    #25
    Yeah. It's a tricky situation, though.

    What's your basis for the assumption that the affected users re-used their password?
     
