Hackers are remotely taking control of people’s iPhones and MacBooks and demanding a ransom from affected users to unlock their devices.
Scores of users have taken to social media to report that they have been locked out of their Apple devices.
The hack is made possible by hackers using Apple’s “Find My” to take control of people’s accounts.
The Find My service allows users to easily locate their device if it has been lost or stolen.
It then lets you remotely lock the device, making the phone useless to whoever stole it.
However, sneaky hackers are using the service to lock unsuspecting users out of their devices.
If the hacker has access to your Apple ID and password, they can log in to the Find My feature on icloud.com and remotely lock the Apple device with a passcode set by the hacker.
The hack even works if two-step authentication is enabled on the affected account, as Apple does not request this for the Find My feature.
Affected users are then receiving a ransom message which demands payment in Bitcoin to unlock the device, MacRumors reported.
So a hacker gained access to my iCloud account (despite two-factor authorization) while I was asleep this morning.
— Jason Caffoe (@jcaffoe) September 20, 2017
While it is alarming that hackers can take over Apple devices so easily, the hack doesn’t seem to be widespread and could even be the work of a sole perpetrator. There is also no suggestion that the hack is related to a breach at Apple.
It is more likely that the hacker obtained login details from other security breaches and that the victims had used their iCloud credentials on other online accounts.
How Apple users can avoid being hacked
– To avoid being hacked in this manner, you should update the password on your iCloud account immediately – especially if you know you have used it on other online accounts, such as LinkedIn, MySpace or Yahoo.
– You can also check if the login credentials for any of your online accounts have been compromised by hackers by checking haveibeenpwned.com.
– If you don’t already, consider using a password manager to help manage your passwords.
– Never use the same password across multiple online accounts.