Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
General Discussions
Security Awareness
Remote locking Apple devices
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Raz0rEdge" data-source="post: 1767891" data-attributes="member: 110816"><p>I've been reading a few posts on various places about people having their Apple devices (Macs and iPhones) getting locked with messages asking them to contact email addresses that end in @gmx.com who ask for payment in lieu of releasing the device. </p><p></p><p>Without paying the ransom, the only way to remove the lock on the device is to go to your nearest Apple Store and prove your ownership to them which allows them to remove the lock. This can be a huge pain if you have multiple devices and especially ones where you cannot clearly establish ownership (purchased an older machine used which doesn't have AppleCare for example)..</p><p></p><p>The method for these hackers to get access to your devices is fairly straightforward even if you have 2FA enabled on your account. When your AppleID is compromised, the credentials can be used to login to iCloud. Once the username/password is entered, the site properly sends the 2FA request, however at the bottom the page you can still access <strong>Find my Phone</strong> and <strong>Settings</strong> of the account. With access to Find my Phone, the hacker can see all of the devices on which you have enabled the Find My Phone functionality and can enable Lock Mode with a pin/passcode that you can't get around.</p><p></p><p>This is quite a huge security hole with Apple's system even when 2FA is enabled. Ideally, everything should be locked down until you fully authenticate yourself into the account.</p><p></p><p>So my suggested recourses are:</p><p></p><p>1) Ensure your Apple ID password is as solid as it can be. Use a password manager to create and save them.</p><p>2) Enable 2FA if you haven't already, just a good security measure</p><p>3) Disable <strong>Find My Phone</strong> on your devices (especially your Desktops, since they are not moving anyway). This just means that you have to keep a closer eye on your phones and Macbooks, but I suppose that is better than having someone remotely lock your devices..</p><p></p><p>I'll be sending feedback through the <a href="https://www.apple.com/feedback/icloud.html" target="_blank">iCloud Feedback</a> link and I think others should as well..</p></blockquote><p></p>
[QUOTE="Raz0rEdge, post: 1767891, member: 110816"] I've been reading a few posts on various places about people having their Apple devices (Macs and iPhones) getting locked with messages asking them to contact email addresses that end in @gmx.com who ask for payment in lieu of releasing the device. Without paying the ransom, the only way to remove the lock on the device is to go to your nearest Apple Store and prove your ownership to them which allows them to remove the lock. This can be a huge pain if you have multiple devices and especially ones where you cannot clearly establish ownership (purchased an older machine used which doesn't have AppleCare for example).. The method for these hackers to get access to your devices is fairly straightforward even if you have 2FA enabled on your account. When your AppleID is compromised, the credentials can be used to login to iCloud. Once the username/password is entered, the site properly sends the 2FA request, however at the bottom the page you can still access [B]Find my Phone[/B] and [B]Settings[/B] of the account. With access to Find my Phone, the hacker can see all of the devices on which you have enabled the Find My Phone functionality and can enable Lock Mode with a pin/passcode that you can't get around. This is quite a huge security hole with Apple's system even when 2FA is enabled. Ideally, everything should be locked down until you fully authenticate yourself into the account. So my suggested recourses are: 1) Ensure your Apple ID password is as solid as it can be. Use a password manager to create and save them. 2) Enable 2FA if you haven't already, just a good security measure 3) Disable [B]Find My Phone[/B] on your devices (especially your Desktops, since they are not moving anyway). This just means that you have to keep a closer eye on your phones and Macbooks, but I suppose that is better than having someone remotely lock your devices.. I'll be sending feedback through the [URL="https://www.apple.com/feedback/icloud.html"]iCloud Feedback[/URL] link and I think others should as well.. [/QUOTE]
Verification
Post reply
Forums
General Discussions
Security Awareness
Remote locking Apple devices
Top