Slashdot Mirror


Hackers Using iCloud's Find My iPhone Feature To Remotely Lock Macs, Demand Ransom Payments (macrumors.com)

AmiMoJo shares a report from Mac Rumors: Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone. With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here. Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device. The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers. Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.

  1. Explains a lot by burtosis · · Score: 3, Funny

    So that's how my email and bank account was drained at the same time as my luggage was broken into.

  2. old story by UnderAttack · · Score: 3, Informative

    This has been happening at least since 2016.

    --
    ---- join dshield.org Distributed Intrusion Detec
    1. Re:old story by Anonymous Coward · · Score: 3, Informative

      Try 2012. http://www.zdnet.com/article/lessons-learned-from-the-recent-find-my-mac-remote-wipe-attack/

      People who enable the "remote wipe" "feature" on their macs (or the iCloud "feature" in general) are fucking stupid. If your data are valuable, encrypt your disk. If your computer is valuable, insure it. Putting a self-destruct button in your computer which can be triggered remotely is the height of stupidity.

    2. Re:old story by ctilsie242 · · Score: 2

      I've been using a self-destruct button since I was using Exchange on my phone back in 2006, where I could remote wipe it should the need arise.

      The key is maintaining access/control of your account. Apple has done some changes, but they do have 2FA available (although it would be nice if they offered a standard Google Authenticator QR code method as well.)

      Then there are backups. This is what Time Machine and services like CrashPlan or Backblaze are for. If you like packing your own parachute, buy/use Arq and Amazon S3 to stash your data securely.

  3. Re:Ransom? No mention of that... by lucm · · Score: 2

    While asking for a ransom isn't a bad business model, there is nothing in the summary or article to suggest that is going on.

    What about "Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device."

    --
    lucm, indeed.
  4. Of course by lucm · · Score: 2

    The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers.

    Citation needed (excluding Apple marketing)

    --
    lucm, indeed.
  5. Re:Ransom? No mention of that... by Khyber · · Score: 2

    It's called sensationalism. Slashdot is well known for it now since the real Slashdot died years ago.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  6. Re:Security concerns by tk77 · · Score: 2

    I believe it sends you an email whenever someone logs into Find My iPhone. Also 2 Factor Authentication is available (and should be used at this point).

    This really shouldn't be an issue anymore.

  7. Re:Ransom? No mention of that... by 93+Escort+Wagon · · Score: 2

    Reading the what?

    --
    #DeleteChrome
  8. Re:Security concerns by 93+Escort+Wagon · · Score: 4, Insightful

    The problem is that, for many people, their iPhone is their only "trusted" device. Nowadays a lot of people don't own computers; and, of those who do, only some will be Macs. As far as I know, a Windows box can't be registered with Apple as a trusted device.

    --
    #DeleteChrome
  9. Re:Ransom? No mention of that... by Jeremi · · Score: 2

    the real Slashdot died years ago.

    Did Netcraft confirm it?

    --
    I don't care if it's 90,000 hectares. That lake was not my doing.
  10. Re:Ransom? No mention of that... by lucm · · Score: 2

    I personally approve of people who post without reading the title - they're doing the equivalent of going commando. I'm pretty sure that BeauHD himself doesn't read the clickbait titles that he copy-pastes from macrumors and Apple press releases, and as we can all witness that doesn't stop him from publishing interesting and awe-inspiring content.

    It's a bit rich though when people who don't read the summary or article complain that "nothing in the summary or article suggest..." something. That's pushing the envelope a bit too far.

    --
    lucm, indeed.
  11. Re:Glad by omnichad · · Score: 2

    Most of the attacks are based on password re-use, not password resets via email. A password reset could also be thwarted with two-factor authentication, but not this attack.

  12. Re:Terror in coffeeshops across the land! by Hognoxious · · Score: 4, Funny

    Us, at Special Education for the Santa Clara County Office of Education, couldn't agree more with you!

    I guess that explains it.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  13. Re: Glad by omnichad · · Score: 2

    2FA is NOT used. You can lock a device with a passcode with only the iCloud password and it doesn't use 2FA to confirm it - because Apple assumes you probably have lost the device that provides that second authentication factor and that's why you're locking it.