Dang ...

When such a case happens, look where the link points back to: a user's password being insecure... Everything comes back to this, one way or another, in a hack, and we all reckon in today's world TouchID and beyond are good replacements.


I wouldn't even worry about second factor, just use a strong password, because if u your phone they can get in anyway with a weak password set *and* your phone..

Although two factor is a step in the right direction, I think it's just another thing you can lose.
 
I use a unique password for my iCloud account, and have changed it within the past year. If you meet both these criteria, the chance of a breach is next to none - don't worry about it.

I know it's tough to remember unique passwords, but it's ok to use a common password for the less-important accounts you don't care as much about, and only give a unique one to important accounts such as iCloud, Facebook, PayPal, etc.
 
I still use the old school security questions with random strings as answers. Given all of those scandals regarding 2FA, I am more than reluctant to enable it any time soon, especially when I only have one device as a trusted device (not including the Mac).
 
I know it's tough to remember unique passwords, but it's ok to use a common password for the less-important accounts you don't care as much about, and only give a unique one to important accounts such as iCloud, Facebook, PayPal, etc.

No need to remember, just use a password manager. But ya, sometimes I do that if I don't care about a throwaway account, just use a simple password if you'll never go back.
 
Is there a way to sticky this post to the top of MR? I feel like this is something that most people would want to know about, and they might miss it if they're just jumping around on their regular sites for a few minutes...

Edit: Not my post here in the forum, the post on the main page, lol
 
This is true. It signs out of iMessage, FaceTime, on all devices, so even signing back in on one device you have to go and re-enable all the other services again on your other devices. It's a huge hassle.

You should add a small /s after your reply. ;)
 
I'm sure that if you want I can get you a link which will happily encrypt your hard drive, throw away the root sectors of your hard drive and warn you not to switch off your PC till you have paid the ransom, and it does not just go for your boot drive but all your attached storage and, for good measure, your NAS as well. There are a number of MMFer out there on the PC side; we are still in a walled garden on the Mac, but if you give the thief the house key.

We had one customer come in with two locked devices, which he got locked out of on returning home from a 2-week business trip. We came to the conclusion that the hacker used his wife's PC as the attack vector to access iCloud and then Find My iPhone. The hacker used an email account that almost looked like it could have been Apple and wanted the customer to buy an iTunes card valued at 50€ per locked device, which we assume he would have used to buy an expensive fraudulent app, which indicated that he was willing to share 30% with Apple.

Sure give me the link where a PC is remote locked and wiped with a cracked website password.

... What's that? Oh I see you can't find one.
 
I've barely trusted Apple themselves with the "Find My <device>" feature, so I keep it turned off most of the time. The people who are doing this are a******s, of course.
 
This article makes a hell of a lot of ASSumptions about HOW these hackers got their iCloud credentials. I also have to laugh at how a feature designed to save your computer is being used to RANSOM it! So much for the fracking BS "CLOUD" (who the hell didn't see this one coming?). Imagine that; put your data on someone else's server somewhere on the Internet and it can be hacked??? Who would have THUNK? Frack the CLOUD. It's asking to be hacked sooner or later.

Then comes the BEST part of the article. It tells you the remedy is to set a new password and use two-step authentication even though it just said earlier in the article it didn't do ONE DAMN BIT OF GOOD to have two-step authentication in this case!!! Yeeehaaw! Stupid advice galore! Get the frack off the Cloud would be the better advice and most of all keep a backup of your computer so you can restore it if something does happen!
 
This article makes a hell of a lot of ASSumptions about HOW these hackers got their iCloud credentials. I also have to laugh at how a feature designed to save your computer is being used to RANSOM it! So much for the fracking BS "CLOUD" (who the hell didn't see this one coming?). Imagine that; put your data on someone else's server somewhere on the Internet and it can be hacked??? Who would have THUNK? Frack the CLOUD. It's asking to be hacked sooner or later.

Then comes the BEST part of the article. It tells you the remedy is to set a new password and use two-step authentication even though it just said earlier in the article it didn't do ONE DAMN BIT OF GOOD to have two-step authentication in this case!!! Yeeehaaw! Stupid advice galore! Get the frack off the Cloud would be the better advice and most of all keep a backup of your computer so you can restore it if something does happen!

A lot of fracking for one post. Is everything alright?
 
This article makes a hell of a lot of ASSumptions about HOW these hackers got their iCloud credentials. I also have to laugh at how a feature designed to save your computer is being used to RANSOM it! So much for the fracking BS "CLOUD" (who the hell didn't see this one coming?). Imagine that; put your data on someone else's server somewhere on the Internet and it can be hacked??? Who would have THUNK? Frack the CLOUD. It's asking to be hacked sooner or later.

Then comes the BEST part of the article. It tells you the remedy is to set a new password and use two-step authentication even though it just said earlier in the article it didn't do ONE DAMN BIT OF GOOD to have two-step authentication in this case!!! Yeeehaaw! Stupid advice galore! Get the frack off the Cloud would be the better advice and most of all keep a backup of your computer so you can restore it if something does happen!
If people would use a really hard password (just for that account) and keep the iCloud account email to only that account, hackers wouldn't have such an easy time.
A lot of fracking for one post. Is everything alright?
I think he may be in the oil business.
 
This is why I have absolutely no sympathy for those affected. If you use the same password for multiple sites and do not understand even the basics of security then you deserve to get hacked. This is also why I do not put my Apple ID anywhere on any website and the only people other than myself who know what it is is Apple.
It is also why I use the most complex lengthy password possible and never use the same password twice anywhere.
As well as using different email addresses for sites and services.

People with the same password deserve to be hacked? Excuse me, no. No one deserves to be hacked, regardless of their password behaviors.
 
Yup, this happened to me back in June when I installed beta 1 of MacOS High Sierra. Frustrating and embarrassing when you're an IT engineer and your own device gets hacked! Had to bring it to Apple and provide proof of ownership before they would remove the lock.



I had 2 factor enabled, saw that someone was trying to access my account, denied them, and still had my account locked.



Why were you embarrassed at Apple? Shouldn't the 2 factor have been enough? What did Apple say about its failure to protect you? And had they seen this before?
 
Stop caring as soon as I read they need your account email and password. If they have that, no matter what someone does, you're screwed.

Turns out, they most likely do for the majority of users. There was a site called haveibeenhacked or something like that (google it) which shows whether you've been hacked in the past. Millions of users have, from many different websites. I have been hacked from 3 or 4 different sites. That means usernames and passwords of millions and millions of users are freely exposed on the net.

After typing this comment I'm changing my password right now, as my iMac is my small company's primary device; I've got everything to lose.

It's **** considering it'll be a hassle to type in a long and strong password every time I have to unlock my mac, which is several times a day.
 
I don't advertise my icloud login name anywhere, even facetime and imessage do not have my main icloud account address. An alias, yes, but not the main one.
I can log into icloud.com and appleid.apple.com using my email alias (and Apple Id password).

Edit: Ignore this, I'm wrong.
 
Exactly. No biggie. Nightly backup to my NAS. I'd lose 24 hours of 'data' at best. Even then the really important stuff I transfer to NAS immediately without waiting for backup. Can't beat it.

Stuff like this is only a problem if you make it a problem.
You forgot the part where getting "back up and running" quickly requires buying a new computer to restore the backup to.

This is a firmware lock out, so unless you can convince Apple to fix it there's no solution. And Apple won't be easily convinced, or else what's the point of being able to lock a device?
2FA isn't perfectly easy ALL the time, but it works perfectly MOST of the time.
The rest are left for Darwin.
2FA is disabled for locking a stolen device, since your 2FA device may be the one that's stolen.
 
Everyone says use a password generator like 1Password (which I own), but the problem is if you use public computers frequently and want to log on to websites (facebook, gmail, etc) you won’t be able to unless you carry a piece of paper with all those random lengthy passwords written down, which is impractical.
 
Everyone says use a password generator like 1Password (which I own), but the problem is if you use public computers frequently and want to log on to websites (facebook, gmail, etc) you won’t be able to unless you carry a piece of paper with all those random lengthy passwords written down, which is impractical.

You can install 1Password on your phone.
 
So hackers got your username and password and disabled your Mac using find my iPhone on the login screen of iCloud.com. I know it sucks yes, but if users had 2FA enabled that would have been all the hackers could do. The next step for users with 2FA enabled who were locked out of their computers to do, is to change their password! 2FA is key here.

I can see a future fix for this. Use Touch ID and Face ID to make it more secure. Similar to how Apple Pay works, when the user types in his Apple ID and password on any device to log in, it will ask you to confirm using biometrics unless you lost your device and you’re trying to use find my iPhone like these hackers did, it will ask you other ways of authenticating.
 
Sadly this is usually a case of credential reuse or phishing, I assume it's the former.

If you get access to a credential set, the first thing attackers will look for are @me, @icloud, gmail especially accounts, dump those, and see how many they can get into.
 