Q1 2014 Report: Innovative New Threats Targeting Mobile OSes You may have heard the recent news about Apple devices that have been remotely locked and are being held for ransom. If not, here is Symantec’s explanation of what’s going on: Based on initial feedback, a number of Apple IDs have been compromised and used to […]
Q1 2014 Report: Innovative New Threats Targeting Mobile OSes
You may have heard the recent news about Apple devices that have been remotely locked and are being held for ransom. If not, here is Symantec’s explanation of what’s going on:
Based on initial feedback, a number of Apple IDs have been compromised and used to lock iPhones, iPads, and Macs. It remains unclear exactly how the Apple IDs were compromised, but possible explanations include phishing attempts, weak passwords, or password reuse. A separate breach involving emails and passwords used to login to Apple and iCloud could have facilitated the compromise of the Apple IDs.
The Symantec blog post added that once the device is compromised, the hackers can access the Find My iPhone or Find My Mac feature. With the ability to control that feature, the hackers are able to control certain features, like Lost Mode and lock down the phone and hold it for ransom.
The problem began in Australia, but the attacks have reportedly spread to other countries, including the United States and Canada.
According to Apple Insider, the folks at Apple say that iCloud was not compromised. But iCloud credentials were, so Apple is advising its users to change their passwords. But as Grace Zeng, security researcher with SilverSky told me in an email, it isn’t quite that simple:
Many users tend to use the same credentials across multiple sites. As iCloud/Apple IDs have to be registered email addresses, chances are good that some passwords are the same as their email accounts. It could be the case that one’s email address and password was leaked as a result of phishing emails or recent retailer data breaches, and attackers were able to use this same credential to log on to iCloud.
However, a simple solution to unlock your device would be to type in the device’s passcode, the same one you’d use to unlock it for regular use. One problem with this, though, is that according to a recent study by Consumer Reports, 34 percent of users still do nothing to protect their smartphones, including using a passcode to access the phone. The survey doesn’t include computers, but how many of us have a passcode for our laptops? Remember, Macs were affected by this attack, as well. If users aren’t able to unlock their device with their regular passcode or PIN, they’ll have to reach out to Apple for support.
As far as attacks go, this won’t rank up there as one of the most devastating (although perhaps it might be one of the most annoying). Yet, as Andrew Jaquith, CTO and SVP of Cloud Strategy with SilverSky told me, this may be a precursor of things to come:
The bigger lesson here is that as consumers rely more and more on cloud services to manage their devices, automate their homes and consolidate their entertainment, thieves will increasingly target these services.
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
