Beware iPhone users, hackers are apparently using Apple¡¯s ¡°Find My Device¡± service to hold devices for ransom remotely. A number of people have reported having their iCloud accounts stolen in the past week, despite two-factor authentication.
¡°Find My Device is a free service from Apple to help you locate a lost or stolen iPhone or iPad. In addition, it also lets you remotely lock your device and have a custom message displayed to someone that may pick it up, a feature that the hackers are exploiting to extort money from the owners.
All the hackers need to make use of the ¡°Find My Device¡± is your iCloud username and password. It doesn¡¯t matter that you may have two-factor authentication, seeing as that precaution would be useless when the code is sent to the device you¡¯re trying to locate.
The question is, how do hackers get a hold of your iCloud details? Simple, they¡¯re already out there. As MacRumours reports, it¡¯s likely these compromised users were reusing password for their device, as well as other websites. When those third-party websites are breached and account details are leaked, it¡¯s a simple matter for hackers to try those same details for iCloud accounts. And clearly, some of those attempts worked.
So how do you stop these ransom attempts? Well, if you¡¯ve ever used the password for your iCloud anywhere else, change it immediately. That¡¯s pretty much the most basic precaution you can take, especially if you¡¯re in the habit of reusing passwords (which is a very very bad habit online).
You can also disable the ¡°Find My iPhone¡± feature on your device, by going to the Settings menu and tapping the row at the top with your name. It only disables the feature for the device you¡¯re currently on, so each Apple device you own would each need your attention.
But if you do that, you¡¯d best be sure you¡¯re not likely to lose your phone anytime soon.