In The News‎ > ‎

Ransomware now holds iPhones hostage

posted Jun 10, 2014, 1:17 PM by Craig Cox   [ updated Jun 11, 2014, 6:00 AM ]
An article at the PC Magazine site analyzes an attack taking place against iPhones,  It's good material, but aimed at a technical audience.  Here's how it boils down:

If you don't have a PIN on your phone and someone guesses your iCloud account password, they can put a PIN on the phone.  The attackers have been guessing iCloud passwords, setting the Lost Mode to display the ransom message, putting in a PIN and the activating Lost Mode.  (Your normal Lost Mode message would say something like "this phone is lost, please contact [other phone] to return it to me.")

So the takaways are:
  • Use a PIN on your iPhone
  • Use a strong password on your iCloud account
  • Don't use your iCloud password for any other services, so that a compromised password there won't get the attacker into your iCloud account.
  • Use two-factor authentication where available, particularly on your Apple ID.

If you get locked out of your phone and it displays a ransom demand, don't pay the ransom.  Take the phone to an Apple store for assistance.  You may be able to get your data back from iTunes or iCloud.

Update:  Two perpetrators have been caught.  Apparently I was late in finding / publishing this one; but the article says more are suspected to be working this crime.