A large number of Apple Mac, iPad and iPhone users in Australia have reported circumstances where they have been locked out of their devices by hackers demanding a fee to release them.
Several Australian newspapers have stated that users have had their devices held hostage or unexpectedly locked. They then receive an email from ‘Find My iPhone‘ and an on-screen message saying the device had been hacked, with the attacker demanding payment to unlock the device.
The Australian Government has advised that these latest attacks are possibly due to hackers trying to compromise the victim’s Apple ID and using this information to access their iCloud account. They then activate the devices ‘Lost Device’ mode and potentially reset the user’s access code. The advisory warns that “a hacker with access to your Apple ID can potentially lock any device associated with it remotely; they can see data you have stored in iCloud, access your Apple Store purchases and potentially set up two-factor authentication on your device, locking you out of your phone completely and even remotely erase your device.”
Two-Factor Authentication can also be used by end users for a variety of devices. It is a security feature that requires the user to input two different pieces of information in order to unlock security. Apple offers it as an optional security feature for all Apple devices. Apple advices that its users engage the authentication platform as “your Apple ID is the key to a lot of things you do with Apple, so it’s important that only you have the ability to access your account details, update your password, or make other changes to your account. Two-step verification is a feature you can use to keep your Apple ID account as secure as possible”.
Although the attack is currently limited to Australian users, it could easily spread elsewhere in the world.