Recent Apple Security Attack

Geen Apple Security AttacksFind My iPhone Security

Apple iPhone, iPad, and Mac owners are finding their devices have been controlled by a hacker who is demanding a ransom to unlock them. Early reports indicated that the hack was confined to Australia. Yet support forums are showing that the Apple security attack may have spread to New Zealand, the United Kingdom, Canada, and the United States.

What Happened?

According to Information Week’s Dark Reading, the Apple security attack exploits the Find My iPhone and Find My Mac features on various Mac and iOS devices to trigger a remote lock of the device. The Find feature is designed to allow users to find their missing device on a map, remotely lock it, and display a custom message for the person who finds it. As a result of the hack, users discovered a custom message from likely pseudonym Oleg Pliss, who demanded between $50 and $100 to unlock the device.

How Did It Happen?

Many users found that all of their devices had been affected or that the same device had been affected more than once, indicating that the users’ iCloud accounts had been compromised. It isn’t clear how the attacker accessed these accounts, but cloud security experts point to the localized nature of the event as a possible clue. It’s likely that a third-party database was compromised and the device owners’ passwords were stolen and reused. Some users affected by the Apple security attack have already reported workarounds; others can rely on Apple to reset their devices. In any event, the ransom should not be paid.

The Future of Mobile Device Security

Mobile platforms are increasingly susceptible to hostage tactics; mobile device management systems do not protect against these types of attacks. Since these types of attacks come from the compromise of server accounts, IT departments will be challenged to better protect corporate devices. Ultimately, protection against another Apple security attack really depends upon device owners. Solutions include that users learn to:

  • Implement a two-factor authentication process
  • Create complex passwords consisting of a combination of upper and lower case letters, numbers, and special characters
  • Change passwords frequently

What do you think of the recent bite taken out of these Apple devices?