“My iPhone was hacked and put into lost mode.” That’s one of the reports that people have recently submitted on Apple’s discussion forum. Although Mac is dubbed the most secure operating system on the market and ransomware attacks on it are extremely rare, an unforeseen flaw in Apple’s “Find My iPhone” has left tens of people locked out of their iPhone, iPad, and Mac devices.
Hackers use “Find My iPhone” service to lock Mac devices remotely
Find My iPhone is a security tool developed by Apple in 2010. Its purpose is to protect Mac devices against loss or theft, or rather to prevent strangers from accessing the data on a lost or stolen device.
The “Find My iPhone” app uses an iCloud service, which enables the GPS on the lost or stolen device and displays its location on a map. To get the location of the device, the user has to sign in to the iCloud account using any web browser and enable “Lost Mode.”
Normally, users of an iPhone, iPad or other Mac device use two-factor authentication, which protects the Apple ID. To put it more clearly, when you sign in to your Mac device for the first time and set up two-factor authentication, your device is treated as trusted. If you then sign in to another device using the same Apple ID, two-factor authentication is triggered and you receive a confirmation message on the trusted device asking you to approve the connection by entering your password and a six-digit verification code.
Consequently, if someone else finds out your Apple ID password, don’t worry: you will be informed about the unauthorized use of your ID and can therefore change the password. However, two-factor authentication does not work if the device user enables “Lost Mode.”
In other words, if you sign in to your iCloud account and enable “Lost Mode,” the device that you select from the device list is locked immediately, without two-factor authentication. That is understandable, since you would not have the trusted device to which the verification code is sent.
iCloud Ransom Phenomenon
As explained above, the “Find My iPhone” service on iCloud allows partial access to Mac devices when “Lost Mode” is enabled. Recent user reports show that this decision is nothing but a design flaw, which allows cybercriminals to hack iCloud accounts and lock Mac devices remotely.
This so-called iCloud ransom attack is possible only if hackers find out the iCloud account password. Although iCloud hasn't been breached, the data might have been revealed during other data breaches, including LinkedIn, MySpace, Dropbox, or Last.fm, where identical passwords were used for accounts.
Apple ID is compromised, not the device itself
If a hacker gets into your iCloud account, he or she does see the list of devices. Nevertheless, the hacker can’t access the data without two-factor authentication. The only option left is to select the device and enable “Lost Mode,” which locks the device.
In addition, “Lost Mode” allows sending a message to the lost device. Thus, a hacker who compromises the iCloud account sends a ransom demand, which currently varies between $20 and $50. Since the ransom is not big yet, most of the Mac users decided to pay it.
Protect your Mac from iCloud ransomware
Apple hasn’t yet responded to people’s complaints, so Mac users are criticizing the company for not taking immediate action. While the iCloud ransom campaign hasn’t yet spread widely, it’s advisable to take precautionary measures to keep your device safe.
First of all, change your Apple ID password and never use it for other accounts. Make sure to change the password regularly. Also enable two-factor authentication, even though hackers may render it useless by enabling “Lost Mode”; two-factor authentication will still protect your personal information from loss. Finally, but most importantly, disable the Find My iPhone feature, at least until Apple decides how to fix this flaw.