Ransomware Strikes The iPhone

For all those who have been told Apple’s devices don’t suffer the security issues that Microsoft devices do this article may come as a shock.  For those who know that Apple devices are frequently the first operating system hacked at hacker’s conventions you won’t be surprised at all.

Ransomware, executed via Apple iCloud’s “Find my iPhone” feature, is hitting iOS devices, although for the time being those devices are overwhelmingly in Australia.

The “Find my iPhone” feature is intended for you to use, naturally, when you’ve lost your phone.  From Apple: “If your device goes missing, put it in Lost Mode immediately. Enter a four-digit passcode to prevent anyone one else from accessing your personal information.”  You access this feature via Apple’s iCloud and once you’ve locked it, Apple tells you to send it a message, something like, “This iPhone has been lost, please call me if found xxx-xxx-xxxx.”

This is a great tool if you’re phone has been lost.  Say someone finds it on the floor at the movie theater they know exactly how to get it back to you.

Now if you’re a cyber criminal and you’ve acquired someone’s iCloud credentials you can do exactly the same thing, except now you’re holding their phone hostage until they pay you a ransom.


Another feature the criminals are using is the “Play Sound” feature.  This would work, say if your phone had been lost under a movie theater seat and wasn’t readily visible, people around in the theater would take notice of the phone in the area making noise at full volume.  However for the cyber criminals this is just to get your attention and victims are reporting their phones going off and waking them up at all hours of the night.

And when they look at their phone making that horrible racket they see the ransom message.  Any attempt to unlock their phone now requires the PIN that was just set by the cyber criminal.

So what do you do now?  Pay the ransom?  NO!  The easiest way to recover from this is to simply restore from a backup via iTunes. That is, as long as you have a backup in iTunes and it’s fairly recent or you’re ok with loosing a certain amount of data such as photos taken since the last backup.  Now if you were at your sister’s wedding last weekend and haven’t backed up since then, paying the ransom may seem like a fine price compared with explaining to your sister you lost all the wedding pictures you took.

If you were backing up to the iCloud that’s another option for restoring from backup; although that is dependent on whether or not you can access your iCloud.  The cyber criminal is after all, already controlling your device from iCloud and may have taken the extra step of changing your password so you won’t be able to access your devices this way either.  They also may delete the backups you’re storing on iCloud to encourage you to pay their ransom.

If all else fails head to your local Apple store, they will be able to help you determine what backup options you have and how best to go about restoring your phone.



1 Comment

Leave a Reply

Your email address will not be published.

Back to top