Apple says iCloud breach not to blame for iOS devices attack

29 May 2014

1

Apple said an iCloud breach was not to blame for the recent spate of iOS devices held hostage by malicious elements via Apple's Find My iPhone service, PC World reported.

Many users in Australia and several other countries had reported being locked out of their iDevices by a third party who demanded a $100 ransom to restore control of iPhones and iPads to their rightful owners.

Apple said in a statement to ZDNet earlier: "Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."

According to the PC World report, although Apple did not  explicitly say so, it seemed to be implying that the attacks were the result of reusing the same username and password across multiple online accounts. The same scenario had also been suggested by Troy Hunt, a developer and web security specialist based in Sydney, Australia.

Meanwhile, The Guardian newspaper reported that users in the Australia were asked to send AU$100 (£55) via PayPal to a Hotmail address, lock404@hotmail.com, to have their devices unlocked.

However, affected users were warned against making the payment. According to PayPal there was no account connected to lock404, and that it would refund anyone who had sent money.

The hacker gained access to the owners' iCloud accounts – which were linked to every iPhone and iPad – turned the "Find my iPhone" setting on, which could be configured remotely lock the device with a passcode if the owner had not already set it.

According to David Emm, from the global research and analysis team at digital security firm Kaspersky Lab, it seemed likely that cybercriminals gained access to Apple ID credentials, for example by using phishing emails targeting Apple IDs, The Guardian reported.

He added scams of the kind had been around for years. He said by using the credentials to access an Apple iCloud account, the attackers could enable the 'Find My iPhone' service.

He added this was clearly a form of ransomware, previously only seen on PC and, recently, on Android devices – although in those cases malware was used to trigger this behaviour. He said, the campaign came as further proof that cybercriminals were adopting criminal business models developed for the PC, applying them to new areas and fine-tuning their methods.

Though the hacker could lock the devices via the iCloud interface, anyone who had already set a security passcode to prevent access to it was able to unlock it using that passcode. Users that who set a passcode could reset their device by connecting it to a computer and restoring it from an iCloud backup.

( See : Apple acquires Beats for $3 bn in biggest acquisition to date )

Business History Videos

History of hovercraft Part 3 | Industry study | Business History

History of hovercraft Part 3...

Today I shall talk a bit more about the military plans for ...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of hovercraft Part 2 | Industry study | Business History

History of hovercraft Part 2...

In this episode of our history of hovercraft, we shall exam...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Hovercraft Part 1 | Industry study | Business History

History of Hovercraft Part 1...

If you’ve been a James Bond movie fan, you may recall seein...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Trams in India | Industry study | Business History

History of Trams in India | ...

The video I am presenting to you is based on a script writt...

By Aniket Gupta | Presenter: Sheetal Gaikwad

view more
View details about the software product Informachine News Trackers