Hackers are remotely locking Apple devices and demanding bitcoin payments
Apple iCloud appears to have been used to force-activate the 'Find My Device' option.
It's not a bug, it's a feature. That's what most technology companies will stress when a system designed for security is instead used for nefarious purposes.
Apple's "Find My Device" is one such tool which, in the past week, may have been abused for financial gain. In recent days, a number of MacBook users have claimed that hackers have been able to access their personal iCloud profiles to lock accounts and demand money.
Remote device locking is a legitimate tool offered by Apple for users whose MacBook, iPhone, Apple Watch or iPad has been lost or stolen.
When Lost Mode is turned on, the device's screen will be locked with a passcode and users can display a custom message – contact details, for example.
Another available option will let users remotely wipe all of the content stored on their Apple device.
Two-factor authentication (2FA), in this scenario, proves useless because Lost Mode doesn't use it.
This exemption exists in case a victim's "trusted device" is the one which has gone missing. Typically, two-factor would add an extra layer of security to a user's regular sign-in process.
Earlier this week, around 20 September, a number of users took to Twitter to complain that their Apple devices had been compromised and held to ransom.
News of suspected intrusions was first reported by technology website MacRumors.
Back on 16 September, one Twitter user with the handle @bunandsomesauce wrote: "Y'all my MacBook been locked and hacked. Someone help me @apple @AppleSupport."
A screenshot of the Apple MacBook screen showed the hacker's message: "Pay me 0.01 btc [Bitcoin]. Then I will send code to ur email to unlock ur device."
Bitcoin is a form of cryptocurrency popular with cybercriminals because it is difficult to trace. In this instance, the ransom demand was the equivalent of $50 (£37).
Another user, called Jason Caffoe, appeared to have suffered the same ordeal later in the week, on 20 September, when his Apple accounts were seemingly targeted.
He wrote: "So a hacker gained access to my iCloud account (despite two-factor authorisation) while I was asleep this morning." A later tweet added: "They locked both of my computers remotely with a firmware password I don't know and can't bypass."
So what is happening?
While the identity of the hacker(s) is unknown, it is clear that iCloud account details are being misused. This would indicate that credential re-use is likely to blame, with usernames and passwords from other breaches being hijacked for these fresh attacks.
As MacRumors noted, impacted users' email addresses and passwords appear to have been used across multiple accounts. There is no evidence to suggest that Apple has been hacked.
How can I stay safe from the hack?
To stay safe, concerned users can change their Apple credentials and should ensure that usernames and passwords are not the same on any other websites. If your device has been locked down, you are strongly advised to contact Apple Support for direct help from the company.
Caffoe said his issue ultimately took up to 48 hours to get resolved.
He tweeted: "It sucks when your own security is used against you, but I'm glad most of it works as intended. With the one exception of @AppleSupport not having a 2FA option for Find My Device. Would have saved me half a week of lost productivity."
This is not the first time that Apple's "Find My" feature has been exploited, but the addition of a bitcoin demand is an interesting evolution which first surfaced in August last year.
Apple did not immediately respond to a request for comment from IBTimes UK.