Hackers threaten to wipe Apple devices

According to a report from Motherboard, a group of hackers calling themselves “Turkish Crime Family” is threatening to remotely erase devices belonging to hundreds of millions of Apple customers. They will do this on April 7, they say, if Apple doesn’t pay them a ransom.

The hackers claim to have access to over 300 million iCloud e-mail addresses (addresses ending in @icloud.com, @me.com, or @mac.com), and 559 million Apple ID accounts in all. (Keep in mind that an Apple ID need not be associated with an iCloud e-mail address.) However, the hackers have provided no proof of this, beyond a supposed YouTube video showing them logging on to a few iCloud accounts.

I’m a bit skeptical of these claims. I seriously doubt that they have the credentials to access that many accounts. There’s no indication that there has been an Apple ID breach, so it seems more likely that their source of credentials – if any – would be from phishing scams.

However, it would take time for phishing scams to gather that many accounts, and some of the data gathered would “expire” as people change passwords or enable two-factor authentication. (It’s not unusual for people to fall for a phishing scam but then get suspicious, due to unexpected results, after they’ve provided their credentials.)

It could also, of course, be a sham. The hackers could have a handful of credentials that they used to make their YouTube video, and they’re pretending to have more in hopes that Apple will pay their ransom.

Still, there’s a very real chance that at least some number of Apple devices could get remotely locked or erased on April 7. If you have a Mac, iPhone, or iPad, what can you do to make sure this doesn’t happen to you? There are a few basic steps you can take to ensure that, if these hackers are telling the truth, you aren’t among the victims.

Change your password

First and foremost, change the password for your Apple ID. To do so, simply log in here:

https://appleid.apple.com

Once you’re logged in, scroll down to the Security section and click the Change Password link.

Enable two-factor authentication

Your password is only one barrier to entry to your Apple ID account, and it’s not really enough these days. Two-factor authentication (2FA) requires you to have two things in order to log in to your iCloud/Apple ID account: something you know (your password) and something you have. In the case of an Apple ID, that second factor is a trusted device, which could be any of your Apple devices.

When you enable two-factor authentication, you will get alerts on your trusted device(s) whenever someone tries to log in to your Apple ID. You will be shown a map of the general area the access is coming from and can allow or disallow it. If you allow it, you’ll be asked to enter a 6-digit code, which is displayed on your trusted device(s). This code is different every time.

Obviously, this isn’t much of a deterrent for someone who has physical access to one of your trusted devices and who knows your Apple ID password. However, this is quite good for protecting against remote access to your Apple ID by someone who has captured your password.

To learn more about Apple’s two-factor authentication, including how to enable it, see:

https://support.apple.com/HT204915

Note that if you currently have Apple’s older two-step verification turned on, which uses four-digit codes, that is pretty good, but not quite as secure. It’s adequate to protect against this particular threat, but at some point you should consider switching over to two-factor authentication.

Disable Find My Mac/iPhone

Personally, I want to keep this feature turned on for all my devices. This allows me to remotely wipe any device that has been lost or stolen, potentially find a lost device by making it play a loud sound, and other useful things. If you’ve taken the precautions above, turning this feature off shouldn’t be necessary.

However, if your opinion differs from mine and you don’t want to be able to remotely locate and take action on a device from your iCloud account, you can disable Find My Mac or Find My iPhone on that device.

On a Mac, open System Preferences and click the iCloud icon. Then simply uncheck the Find My Mac box, at the bottom of the list.

On an iOS device (e.g. an iPhone or iPad), open the Settings app and tap the iCloud item, then scroll down to the Find My iPhone item.

If Find My iPhone is listed as being turned on, tap it, and on the next page, flip the “switch” to turn it off.

Once Find My Mac/iPhone is disabled, even if a hacker somehow manages to gain access to your iCloud account, they will be unable to remotely wipe or lock that device. That also means, however, that you will be unable to do anything about it if someone steals that device.

Back up your devices

If all else fails and your device does somehow get wiped – or if it is lost, stolen, or destroyed, its data is corrupted somehow, or any other issue causes data loss – a good set of backups is important.

Your Mac can be backed up very easily using Time Machine, a third-party backup program, or one of the various cloud-based backup services. Whatever you do, make sure that your files are backed up both locally (on one or more hard drives in your home or office) and off-site (either an online backup or on a hard drive that you keep in another location).

Your iOS devices can be backed up to iCloud, but of course, if someone gains access to your iCloud account, that’s not adequate protection. I recommend also backing up onto your computer periodically via iTunes. If that computer is kept backed up, that protects your iOS device backups as well.

The post Hackers threaten to wipe Apple devices appeared first on Malwarebytes Labs.