Apple says iCloud breach not to blame for iOS devices attack
29 May 2014
Apple said an iCloud breach was not to blame for the recent spate of iOS devices held hostage by malicious elements via Apple's Find My iPhone service, PC World reported.
Many users in Australia and several other countries had reported being locked out of their iDevices by a third party who demanded a $100 ransom to restore control of iPhones and iPads to their rightful owners.
Apple said in a statement to ZDNet earlier: "Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."
According to the PC World report, although Apple did not explicitly say so, it seemed to be implying that the attacks were the result of reusing the same username and password across multiple online accounts. The same scenario had also been suggested by Troy Hunt, a developer and web security specialist based in Sydney, Australia.
Meanwhile, The Guardian newspaper reported that users in Australia were asked to send AU$100 (£55) via PayPal to a Hotmail address, lock404@hotmail.com, to have their devices unlocked.
However, affected users were warned against making the payment. PayPal said there was no account connected to lock404 and that it would refund anyone who had sent money.
The hacker gained access to the owners' iCloud accounts – which were linked to every iPhone and iPad – and turned the "Find my iPhone" setting on, which could be configured to remotely lock the device with a passcode if the owner had not already set one.
According to David Emm, from the global research and analysis team at digital security firm Kaspersky Lab, it seemed likely that cybercriminals gained access to Apple ID credentials, for example by using phishing emails targeting Apple IDs, The Guardian reported.
He added that scams of this kind had been around for years. He said that by using the credentials to access an Apple iCloud account, the attackers could enable the 'Find My iPhone' service.
He added that this was clearly a form of ransomware, previously only seen on PC and, recently, on Android devices – although in those cases malware was used to trigger this behaviour. He said the campaign came as further proof that cybercriminals were adopting criminal business models developed for the PC, applying them to new areas and fine-tuning their methods.
Though the hacker could lock the devices via the iCloud interface, anyone who had already set a security passcode to prevent access to the device was able to unlock it using that passcode. Users who set a passcode could reset their device by connecting it to a computer and restoring it from an iCloud backup.