I've been reading a few posts on various places about people having their Apple devices (Macs and iPhones) getting locked with messages asking them to contact email addresses that end in @gmx.com who ask for payment in lieu of releasing the device.
Without paying the ransom, the only way to remove the lock on the device is to go to your nearest Apple Store and prove your ownership to them, which allows them to remove the lock. This can be a huge pain if you have multiple devices and especially ones where you cannot clearly establish ownership (purchased an older machine used which doesn't have AppleCare, for example).
The method for these hackers to get access to your devices is fairly straightforward even if you have 2FA enabled on your account. When your Apple ID is compromised, the credentials can be used to log in to iCloud. Once the username/password is entered, the site properly sends the 2FA request; however, at the bottom of the page you can still access Find my Phone and Settings of the account. With access to Find my Phone, the hacker can see all of the devices on which you have enabled the Find My Phone functionality and can enable Lock Mode with a pin/passcode that you can't get around.
This is quite a huge security hole with Apple's system even when 2FA is enabled. Ideally, everything should be locked down until you fully authenticate yourself into the account.
So my suggested recourses are:
1) Ensure your Apple ID password is as solid as it can be. Use a password manager to create and save them.
2) Enable 2FA if you haven't already, just a good security measure.
3) Disable Find My Phone on your devices (especially your desktops, since they are not moving anyway). This just means that you have to keep a closer eye on your phones and MacBooks, but I suppose that is better than having someone remotely lock your devices.
I'll be sending feedback through the iCloud Feedback link and I think others should as well.
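The point above, that nothing should be reachable until authentication completes, sketched as an added example (not part of the original post and not Apple's code): a deny-by-default authorization gate plus a check that lists what a password-only session can reach. The action names and both policy tables are hypothetical, constructed from the behaviour the post describes.

```python
from dataclasses import dataclass
from enum import IntEnum


class AuthLevel(IntEnum):
    NONE = 0      # no credentials presented
    PASSWORD = 1  # password verified, second factor still pending
    FULL = 2      # password and second factor both verified


# Hypothetical action names. Minimum auth level each action requires,
# modelled on what the post reports: Find My and Settings stay reachable
# while the 2FA prompt is outstanding. "mail" stands in for everything else.
OBSERVED_POLICY = {
    "mail": AuthLevel.FULL,
    "account_settings": AuthLevel.PASSWORD,
    "find_my_list_devices": AuthLevel.PASSWORD,
    "find_my_lock_device": AuthLevel.PASSWORD,
}
# Hardened variant: every action waits for the second factor.
HARDENED_POLICY = {action: AuthLevel.FULL for action in OBSERVED_POLICY}


@dataclass
class Session:
    user: str
    level: AuthLevel = AuthLevel.NONE

    def password_ok(self) -> None:
        self.level = max(self.level, AuthLevel.PASSWORD)

    def second_factor_ok(self) -> None:
        # The second factor only counts on top of a verified password.
        if self.level < AuthLevel.PASSWORD:
            raise PermissionError("second factor presented before password")
        self.level = AuthLevel.FULL


def authorize(session: Session, action: str, policy: dict) -> bool:
    required = policy.get(action)
    if required is None:  # unknown action: deny by default
        return False
    return session.level >= required


def partial_auth_exposure(policy: dict) -> list:
    """Actions a password-only session can reach; should be empty."""
    return sorted(a for a, lvl in policy.items() if lvl < AuthLevel.FULL)
```

Running `partial_auth_exposure` over a service's real route table in CI turns "everything locked down until fully authenticated" into a check that fails the build when a new action is exposed to half-authenticated sessions.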