A few Mac laptop users say they have recently been victims of a rather simple ransomware-style attack that disables their gadgets. The attack relies not on installing ransomware, but rather on turning a user’s “Find My iPhone” feature against them.
Find My iPhone is an incredibly useful feature that has rescued numerous gadgets from being lost or stolen, and in a few cases, even helped catch criminals. But online criminals have apparently figured out how to turn the tables on the technology.
The feature smartly allows those who’ve lost their phones or Macs to disable them until found. That prevents a would-be thief from accessing data. Unfortunately, criminals have discovered that anyone who has access to a Mac’s attached iCloud account can remotely lock it with a PIN code. The feature also lets gadget owners enter a message, like “Please call 555-1212 if found.” Criminals are using that technology to demand bitcoin ransoms for the gadget’s unlock code, victims say.
Jason Caffoe of Seattle said this happened to him on Sept. 20.
“They locked both of my computers remotely,” he tweeted. “It sucks when your own security is used against you.”
A user named Jovan had the same complaint on Sept. 20.
“My MacBook been locked and hacked. Someone help me,” he wrote.
Caffoe told me that Apple workers at the Genius Bar got his computers up and running within a day, but he had to wait a week to get an appointment.
Jovan was publicly contacted by Apple customer support several times, but he told me that he’s traveling, and so far hasn’t been able to get to an Apple store for a fix.
Even users who have enabled two-factor authentication can be hit by the attack, because it’s possible to remotely lock a Mac without the two-factor requirement.
It’s unclear how the hackers were able to access users’ iCloud accounts, but there are plenty of ways to obtain user credentials. Logins stolen from other sites work in many cases, because consumers often re-use passwords.
Last year, 9to5mac.com reported that similar Find My iPhone attacks were being conducted against iPhones, but those are considerably less effective, because victims can simply unlock the phone with its standard PIN. Still, a panicked victim might consider paying the ransom, the publication noted.
I’ve asked Apple to comment on the new attack; so far, the company has told me it won’t comment. I’ll update this story if and when that changes.
RED TAPE WRESTLING TIPS — WHAT TO DO
For now, users don’t have a lot of great options. The only real way to prevent the attack is to turn off Find My iPhone, which LifeHacker.com recommends. I don’t. Find My iPhone is still incredibly useful, and at the moment, I’d say the risk of losing your phone and being unable to retrieve it is greater than the risk of this ransom attack. It’s possible, however, that this might change. Watch the news (and my site) to see if this attack starts to really spread.
In the meantime, now would be a good time to change your iCloud password. How strong should your password there be? Think about how important your Mac or iPhone is to your daily life and act accordingly.
Google offers a similar feature for Android phones called “Find My Device.” It’s not clear that hackers have begun using the same attack against Androids, but that’s likely. So you should consider updating your Google password too.