03-18-2016, 03:20 PM
Crook hijacks iCloud account, locks victim's Mac
Crooks have discovered a method of turning Apple's security features against the company's users, hijacking Apple iCloud accounts and making them behave as ransomware, locking users out of their devices and data.
An Apple customer reported this novel attack scenario to US cyber-security vendor Malwarebytes, complaining about being locked out of their Mac and iPhone.
As it turned out, both devices were showing a message that read: "Contact me: hblackhat(at)mail.ru All your conversation sms+mail, bank, computer files, contacts, photos. I will public + send to your contacts."
Crook hijacked the user's iCloud account
Security researchers quickly understood what was going on, and the terrible situation the user was in, with Apple refusing to help her.
It was obvious to an experienced professional that a hacker had hijacked the iCloud account of the user (real name Ericka) and had taken some of the security features that Apple put in place to protect devices from theft and employed them for his evil purpose instead.
The hacker used the Find My Mac feature to lock the device and then show his message as a screensaver. This same message was also shown via the Find My iPhone feature, but Ericka's iPhone wasn't locked, and she was able to re-access her device's data.
Apple didn't help her, but they could have
With her iCloud account hijacked, and without a receipt for her Mac, which was purchased a long time ago, Ericka was not able to prove to Apple's staff that she was the device's real owner.
Apple refused to intervene: it neither unlocked the device nor reset her iCloud account. At the end of the day, the hacker had effectively locked all her data and iCloud backups.
Ransomware only infects a victim's data on phones or desktop computers; it cannot encrypt data in iCloud accounts. Technically and theoretically, what the crook had perpetrated was far worse and more intrusive than infecting users with ransomware, since the victim was also locked out of her iCloud account.
If Apple had been a nice guy, it would have unlocked Ericka's Mac, just as it did in 2014 for all the victims of the Oleg Pliss hijackings, when it stepped in to help them.
Source