Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Pilot6612

macrumors newbie
Original poster
Feb 19, 2016
8
0
Hello everyone.

This morning, a strange thing happened to my girlfriend. All of a sudden following message appeared on her iPhone 5 screen :

iPhone+Hack+1.jpg


Message says : "In order to recieve a password, please write to e-mail: helpappleusa@gmail.com"

She was locked out of her phone by something. When she slided to unlock, following screen appeared :

iPhone+Hack+2.jpg


All functions were reduced to screen from picture 1, screen from picture 2 and recieving calls. Also when I call her, iPhone only shows my number, not my contact name. Also, battery status in upper left corner is yellow. Thats all. There is nothing we can do with her phone. I checked her phone via Find iPhone, and it was set in Lost Mode, with red locked padlock icon on phone. Its clear that someone has logged into her iCloud account. So we :
- logged into her iCloud and changed her password
- turned off Lost Mode on her iPhone
- phone is still acting the same way

Other facts >
iPhone is not jailbraked (dont know if it is even still possible).
iPhone was not protected with passcode ever before.

Can anyone please tell me what is this and help us? Have you ever heard about something like this? Is restore to factory state only solution? Is it even a solution?



Thank you
 
Looks like this happened to a few people last night, myself included. If there was never a PIN code on the phone, the only way to get it working again is to erase and restore it from a backup. As long as she has a recent backup, you can erase the phone from the Find My iPhone website
 
Yep I thought so. I'm asking because this does not look like simple lock from iCloud account. I never did lock my iPhone via iCloud on web, but since you lock it, can't you also unlock it through iCloud? Also the screen where passcode is entered is different from default system screen.
 
so, the FBI can't but some random chinese hacker can do this to an unjailbroken iphone? interesting.
 
  • Like
Reactions: Armen
Yep I thought so. I'm asking because this does not look like simple lock from iCloud account. I never did lock my iPhone via iCloud on web, but since you lock it, can't you also unlock it through iCloud? Also the screen where passcode is entered is different from default system screen.

It is how the "lost mode" lock works unfortunately. You can turn off lost mode, but it doesn't deactivate the PIN on the phone. It actually tells you this when you deactivate lost mode from Find My iPhone.
 
Aha ... wasn't there when she did it. So restore to factory settings is the only way?
 
Yup, I tried everything else I could think of. Wipe and restore is the only thing that worked.
 
so, the FBI can't but some random chinese hacker can do this to an unjailbroken iphone? interesting.

IIRC when you do this, it sets an ADDITIONAL lock code, hence why the unlock screen is different. I don't believe it removes the old one, only adds a second one, thus wouldnt help bypass a PIN. I have an extra iPhone sitting on my desk, I may test it later.
 
so, the FBI can't but some random chinese hacker can do this to an unjailbroken iphone? interesting.
What does one thing have to do with someone accessing someone's iCloud account by stealing (or guessing) their password?
 
OK. New thing. I start my girlfriends MacBook Pro to restore iPhone and guess what. Same thing. MacBook suddenly restarted and now he wants PIN to unlock everything.
 
OK. New thing. I start my girlfriends MacBook Pro to restore iPhone and guess what. Same thing. MacBook suddenly restarted and now he wants PIN to unlock everything.
Part of the same iCloud account? Sounds like the account was hacked and someone locked all the devices basically.
 
I wonder if you still can log in to iCloud (...@icloud.com) with the old password. If u can, then change the password and delete hacker's email. Good luck.
 
OK. New thing. I start my girlfriends MacBook Pro to restore iPhone and guess what. Same thing. MacBook suddenly restarted and now he wants PIN to unlock everything.

If you can't login to iCloud, contact apple support, I would think if you can verify enough information, they should be able to reset your iCloud password. Worst case, may have to make a Genius appt, with the devices in hand (and hopefully some proof of purchase, but you can certainly prove you are the acct holder of the phone service) and see if they can help.

Unless you / she has a recovery email address (that is not @icloud.com / me.com) and you should be able to reset the password to icloud that way.

Once you get this all figured out, make sure you enable two-factor authentication for icloud!!!!!
 
I wonder if you still can log in to iCloud (...@icloud.com) with the old password. If u can, then change the password and delete hacker's email. Good luck.

If you can't login to iCloud, contact apple support, I would think if you can verify enough information, they should be able to reset your iCloud password. Worst case, may have to make a Genius appt, with the devices in hand (and hopefully some proof of purchase, but you can certainly prove you are the acct holder of the phone service) and see if they can help.

Unless you / she has a recovery email address (that is not @icloud.com / me.com) and you should be able to reset the password to icloud that way.

Once you get this all figured out, make sure you enable two-factor authentication for icloud!!!!!
Unless I'm reading it wrong, it seems that based on what's mentioned in the OP they were able to login to iCloud and change the password already and even take the phone out of lost mode.
 
@C DM exactly. We did. iCloud pass have been changed, iPhones Lost Mode disabled. And my GF in panic also removed MBP from devices in iCloud. However, it looks like it was already too late. She did it before lunch. When I opened her MBP, it was around 4:30 p.m. and was already "infected".
 
@C DM exactly. We did. iCloud pass have been changed, iPhones Lost Mode disabled. And my GF in panic also removed MBP from devices in iCloud. However, it looks like it was already too late. She did it before lunch. When I opened her MBP, it was around 4:30 p.m. and was already "infected".
Well, it's not really that it was infected as it was just placed into lost mode via iCloud and locked in relation to that. Not sure if removing the devices from iCloud was a good idea vs. leaving them but either changing the PIN via lost mode or disabling lost mode (which would hopefully disable the lost mode PIN) -- sounds like what's mentioned at https://support.apple.com/en-us/HT204306 might be of some help.
 
Well I also said that removing MBP from devices was not a good idea. But its done so no way back. Now we don't know if the MBP is also in lost mode or not. I was just surprised cause she didn't used her MBP for like 3 days, which means he must have received the info about lock in those 7 seconds before he rebooted himself. Or is MBP doing some things while sleeping?
 
Well I also said that removing MBP from devices was not a good idea. But its done so no way back. Now we don't know if the MBP is also in lost mode or not. I was just surprised cause she didn't used her MBP for like 3 days, which means he must have received the info about lock in those 7 seconds before he rebooted himself. Or is MBP doing some things while sleeping?

Lots of factors affect this...if she was working without internet access, then once it grabbed internet it got the message to lock, anything interfering with that message would have delayed the lock.

At this point, I think your only option is to contact Apple Support and / or Genius Bar. Now that it is removed from iCloud, I think you are hosed.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.