Many iPhone and iPad users were shocked to wake up and find that their devices had been locked out remotely – and they’d have to pay up if they wanted them unlocked.
Reports are coming in from Australia of hackers locking users out of their iPhones. When users turn on their phones, a message appears demanding that they pay a ransom to have them unlocked. They’re told that making a payment to a PayPal account will get their phones unlocked.
While information is still coming in, it appears that this hacker (or group of hackers) is using hacked Apple ID passwords. This sign-on is used by iTunes, iCloud, Apple devices and more. It appears that the hackers are using the devices’ “lost mode” to lock out phones.
This is a security method designed to keep a stolen or lost phone from being used by criminals. Instead, criminals are using it to keep the rightful owner out.
What to do to protect your iPhone
You and any iPhone or iPad users in your organization should make it a priority to change Apple ID passwords immediately.
It’s still not exactly clear how this attack happened, but if it’s relying on previously stolen passwords, this measure can protect you. You’ll also want to follow Apple’s instructions to bypass a lock on the phone if you find yourself locked out.
Also, you may want to disable the lost phone feature until you’re able to make sure the phone isn’t compromised.
For the long term, set up two-step verification. This all-too-often underutilized tool can prevent many of the attacks that users face.
And one thing experts agree on: Don’t pay the ransom. Not only is there no guarantee the hackers will actually back off, they could keep increasing their demands and leave you shelling out more and more money without ever unlocking the device.