There are reports coming out of Australia about iPhones and iPads somehow getting locked down by Find my iPhone, in some cases with a "held hostage" message claiming the devices will only be unlocked if a $50 ransom is paid. What makes this bizarre is that it appears to be happening only in Australia, even though the internet has no borders, and it's unclear how the attackers are accessing Find my iPhone for the devices in question. So, what's going on?
One theory is that some other, local service was hacked and because people were using the same email and password combinations, the attacker could access their iPhones and iPads online via Find my iPhone as well. But why just Find my iPhone, why only some hostage messages, and why $50? It feels almost more like the hack equivalent of stealing a car for a joy ride.
Unless and until we get more information, the story does serve as yet another reminder that we need to be proactive about our security.
First and most importantly, if you aren't using one already, set up a strong, unique password for your Apple ID — which is what's used by Find my iPhone and other Apple services — and for any other critical internet account you have, including Google, Amazon, or anything tied to your communications or credit cards.
Yes, strong, unique passwords are more difficult and tedious to use, and you will almost certainly require a password manager app to use them, but the extra effort is more than worth it based on the protection they provide. It means that if any one service is ever hacked, you'll only have to worry about that service, not every other one that uses the same email address and password.
Second, set up and use two-step authentication for your Apple ID and for Google and any other critical service you use that supports it. Again, it's a far greater pain in the apps than not using it, but it affords a much higher level of protection because even if someone gets your password, that's only 1 of the 2 steps. It makes taking over your account immeasurably more difficult.
Also, if there are security questions, pick non-guessable answers and store them in your password manager as well. Attackers can find out the name of your first pet, first friend, or street you grew up on. It's immeasurably harder to compromise random characters or words you stuck in as answers.
If you use iCloud for backup, a quick resolution isn't so clear. Personally, my first reaction would be to turn off my device, go to Apple ID password recovery, reset my password if I could (strong and unique!), then still go into recovery mode but then restore as a new iPhone or iPad. Once my device was back up and running, I'd go to Settings > General > Reset, wipe it, and then try restoring from the latest iCloud backup. If none of that worked, I'd go to an Apple Store with my proof of purchase, or call Apple support.
We're still looking into the story, and we'll report back if and when we find out more. Either way, Apple has a phenomenal security team, and since this incident has been widely reported, it's probably safe to assume they've seen it too. Whether there's anything Apple can do on their end, or whether it's really just all of us using better, stronger, unique passwords that fixes stuff like this, we'll have to wait to find out.
The only thing we know for certain right now is that using better, stronger, unique passwords is all any of us — users, customers, people — on our end can ever do, and it's an incredibly effective thing to do.
If you've experienced this hack, recovered from it, or have any advice or opinions in general to share, please let me know in the comments.