iPhone and MacBook Suddenly Locked on Their Own?

In the second week of August 2017, users of Apple devices such as the iPad, iPhone, and MacBook got an unpleasant surprise: their devices from the Cupertino company were suddenly locked. In most cases, users were even asked to enter a PIN they did not know.

As if that were not enough, a threatening message appeared on the lock screen. It said that to get the PIN for the device, the victim should contact a specified e-mail address. According to some victims who tried contacting that address, the cracker who locked the Apple devices demanded a ransom in Bitcoin, promising the device's unlock PIN once it was paid.

The devices were locked on a fairly massive scale and simultaneously. What is most surprising is that Apple or iCloud accounts with Two Factor Authentication (TFA) enabled were also hit by this attack, known as the Lost Mode attack.


What is "Lost Mode"?

Lost Mode is a new feature available on iOS 6 and above. As the name suggests, this feature is intended for users who believe their Apple device is missing.

Users can set a message that appears on the device screen while Lost Mode is on, for example a request to return the device to a specific address.

This mode also activates GPS tracking, so you can see the location of the device. One requirement for enabling Lost Mode or Find your device is that whoever accesses it must know the complete credentials: the username and password of the iCloud or Apple ID account are mandatory.


iCloud Database Leaked?

So how can a ransom attack using Lost Mode happen? For the record, the attacks are quite massive and have occurred in many countries. The attacks in Asia, however, only occurred simultaneously last week, while other attacks have been observed since 2014.

Lost Mode requires a username and password, meaning the attacker must first obtain both before carrying out the attack. Various methods can be used, such as:
• Phishing
• Malware or keylogger
• Brute force
• A leaked iCloud or Apple ID user database

Given the scale of the attacks and interviews with some victims of this Lost Mode attack, in which users said that since first turning on iCloud they had never visited any site or entered their iCloud credentials on any site, the possibility of a phishing attack can be ignored.

Malware and brute-force attacks remain a possibility, but such attacks are usually targeted rather than massive. Therefore, the biggest possibility is a leak of the iCloud user database.

This leak could have come from Apple or from a third party, even though Apple's official statement denied any database leak or weakness in the security of its user database.


Exploit Lost Mode

So how is the Lost Mode attack carried out technically? Assuming the attacker already has the iCloud credentials, the cracker only needs to visit the icloud.com site, enter the requested credentials, and enable Lost Mode.

But one question has puzzled many Apple users who became victims of Lost Mode.

Why can an account with TFA enabled still be attacked with Lost Mode, even though the attacker obviously cannot access the one-time password (OTP) that is sent?

After further investigation, it turns out that on accounts with TFA enabled, Lost Mode can be accessed without entering the OTP. When the OTP request screen appears, the cracker can already activate Lost Mode and lock the devices tied to the iCloud account in question.

The cracker can then enter a message to be shown on the lock screen, which is used to display the e-mail address to contact about the ransom.

After the message is entered, a screen appears for entering the device lock PIN; only the cracker who enabled Lost Mode knows the PIN entered here.



Note that if the locked device is an iPhone or iPad already secured with a PIN by its owner, the Lost Mode lock PIN is automatically the iPhone's or iPad's own lock PIN.

A Mac computer, by contrast, is unlikely to be secured with a lock PIN, so the Mac will not be accessible without the Lost Mode PIN except through a Factory Reset.

But please note that if you do a Factory Reset, all data stored on the Mac computer will be lost.

Solutions and Prevention

If you are an iPhone or iPad user who has fallen victim to Lost Mode and had a lock PIN set, you can log in to iCloud with your credentials and immediately turn off the Lost Mode feature. Then change the password right away and activate TFA.

If you're a Mac user, a Factory Reset will help, but it removes all data. It may be possible to back up your data by removing the hard disk or SSD from the locked Mac and copying the data to another computer before doing the Factory Reset.

If you do not understand how to do this, please contact the Apple Store or the nearest Apple authorized store. 

For those of you who have not been a victim of Lost Mode, Vaksincom has only one suggestion: CHANGE YOUR iCloud PASSWORD immediately and keep it safe.

If you have not enabled TFA, please enable it to improve account security, and back up important data properly.

Even if you have TFA enabled, you still need to change your iCloud password, because the Lost Mode attack can be carried out without entering the OTP from TFA.
