veritylikestea

Q: My devices have been hacked. What do I do?

I was using my iPad a short while ago when suddenly it locked itself, and was askiwhich I'd never previously set up. I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail.com) to return them to me.

 

I have no idea how this has happened. I am not aware of having been exposed to malware or anything else, although I did recently purchase some new apps - perhaps one of these has something to do with it? I don't know. I am not sure what avenue has been used to reach my devices - I'm about to use my husband's laptop to check through some of my accounts (gmail, etc) and see if there is any clue there.

 

Has this happened to anyone else? What can or should I do? Many thanks

iPhone 5

Posted on May 26, 2014 4:57 AM


Page 22 of 32
  • by tpatzo,

    tpatzo tpatzo May 27, 2014 8:40 PM in response to veritylikestea
    Level 1 (0 points)

    How many people from the usa have been locked out of their phones?

     

    I have seen about 3 so far from reading the threads.

     

    I haven't been locked out of mine. I shut my Find My iPhone off.

     

    Switched password. Don't give it to no one.

  • by gimpsley,

    gimpsley gimpsley May 27, 2014 8:45 PM in response to iBenjaminCrowley
    Level 1 (5 points)

    Oh dear, there is a lot of misinformation being posted in here. Talk to Apple directly if you are affected and do not follow any instructions being posted here if you are not confident. You need to be sure that your iOS backups are valid and recent.

     

    Just as a data point, I look after literally hundreds of Apple users in an Australian enterprise environment and have seen a total of 1 person affected. Anecdotally the issue appears to be affecting a very limited number of people.

  • by Peter Sealy1,

    Peter Sealy1 Peter Sealy1 May 27, 2014 8:50 PM in response to veritylikestea
    Level 2 (184 points)
    iPhone

    I am also in Australia.

     

    I would appreciate some advice being as I am out of my depth here. The permutations and combinations of causes, effects and possible solutions have me a bit perplexed.

     

    In our house we have

    Two iPad 2 [both have wifi only]

    One iPhone 4 [Telstra carrier]

    One iPhone 5S [Optus carrier]

    All have iOS 7.0.6

    One iMac with OS X 10.9.2

     

    I have cancelled iCloud accounts from each device [thus Find my Phone also] and all devices have Passcode lock active. I realise I shall need to change Apple IDs and iCloud passwords.

     

    So far I appear to have dodged the bullet. Telephony on the iPhones still operating.

     

    Three questions:

    1     Is there anything else I need to do to stay safe until all this blows over or something definite comes from Apple,

    2     Is use of wifi on all devices through my router OK to use.

    3     Anything needed to protect the iMac.

     

    Thanks for any advice

  • by rvolkov,

    rvolkov rvolkov May 27, 2014 8:51 PM in response to gimpsley
    Level 1 (0 points)

    I am thinking about an easy case: what if I am overseas on holiday or a business trip and my computer with the iOS backup is at home? It will be painful, so I don't want this case to happen again...

    I have 1 device locked; it can't connect to iTunes because it lost connectivity to Find My Phone and I am unable to move it out of Stolen mode. Apple is unable to help me except to totally clear it. I have several photos there from a family event which were not backed up, and I don't wish to lose them... I will wait a couple of days for any official announcement from Apple...

  • by Foaming Draught,

    Foaming Draught Foaming Draught May 27, 2014 8:52 PM in response to gimpsley
    Level 1 (0 points)

    So are you trying to pin down how this one user has been nobbled? Websites visited? FaceTime used? Whatever? I don't know anyone affected.

  • by abhibeckert,

    abhibeckert abhibeckert May 27, 2014 9:08 PM in response to Peter Sealy1
    Level 1 (4 points)

    Peter Sealy1 wrote:

     

    I am also in Australia.

     

    I would appreciate some advice being as I am out of my depth here. The permutations and combinations of causes, effects and possible solutions have me a bit perplexed.

     

    In our house we have

    Two iPad 2 [both have wifi only]

    One iPhone 4 [Telstra carrier]

    One iPhone 5S [Optus carrier]

    All have iOS 7.0.6

    One iMac with OS X 10.9.2

     

    I have cancelled iCloud accounts from each device [thus Find my Phone also] and all devices have Passcode lock active. I realise I shall need to change Apple IDs and iCloud passwords.

     

    So far I appear to have dodged the bullet. Telephony on the iPhones still operating.

     

    Three questions:

    1     Is there anything else I need to do to stay safe until all this blows over or something definite comes from Apple,

    2     Is use of wifi on all devices through my router OK to use.

    3     Anything needed to protect the iMac.

     

    Thanks for any advice

     

    The only thing you need to do is:

     

    * have a good backup procedure in place for all your devices

    * have a strong password.

    * keep all your software up to date (I notice you're on iOS 7.0.6 and OS X 10.9.2. Both are old versions — update asap!)

     

    All the other steps you have already taken were unnecessary, you might as well undo them.

     

    Here's a good article on passwords, compare his advice to your own password and adjust accordingly: https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html

  • by marumurak,

    marumurak marumurak May 27, 2014 9:06 PM in response to veritylikestea
    Level 1 (0 points)

    Rvolkov's case is very interesting. All 4 devices on one Apple ID, all with Find My iPhone enabled, and only 2 of them were hacked? Now that is interesting. Not sure what to make of it, but the fact all 4 were not hacked if it's Find My iPhone based is strange. Everyone thinks they are covered if they turn it off. This makes me not so sure.

  • by studerby,

    studerby studerby May 27, 2014 9:13 PM in response to MidniteDaydream
    Level 1 (0 points)

    From what I've been able to piece together, I think that the assumption that the hacker has compromised user credentials (user/pass) is premature and perhaps mistaken.

     

    I think rather that the "lock that device" message is being forged somehow. Given the geographic clustering so far, I also suspect that either manipulating network traffic is necessary (DNS poisoning, routing hijinks, etc.), or key information for the forged message is coming from an Australian source (website logs, sniffer parked on an Australian backbone, etc.). In theory, the device should only accept a "lock" message that the device can cryptographically authenticate as coming from an Apple server; I SPECULATE with no data that either Apple didn't do this, had a critical certificate stolen somehow (e.g. Heartbleed) or botched it.

     

    I suspect an interested security researcher who monitored the IP traffic to a device as it is remotely locked and unlocked could shed more light on this.

  • by kap_australia,

    kap_australia kap_australia May 27, 2014 9:25 PM in response to Peter Sealy1
    Level 1 (1 points)

    Instead of seeing it as the number of devices, see it as the number of Apple IDs and secure it using

     

    • a strong & different password
    • Two factor authentication
    • Add at least two trusted devices if you can. See if one of them is non-Apple. This diversifies your security.

     

    You can then do the following housekeeping:

     

    1. Add passcodes to individual devices.
    2. Go to https://appleid.apple.com and strengthen your credentials.
    3. Go to https://supportprofile.apple.com and ensure that only devices that are current are associated with you.
  • by Jason Riley,

    Jason Riley Jason Riley May 27, 2014 9:31 PM in response to veritylikestea
    Level 1 (0 points)

    It may be interesting to discover which modems/routers are being used by those who have been hacked.

    One of the reasons it may be geographically targeted could be that they are using equipment which is only available in the local market.

    Possible that the modem/router has been compromised in some way.

  • by Tlix,

    Tlix Tlix May 27, 2014 10:39 PM in response to veritylikestea
    Level 4 (1,420 points)

    Has this hacker clown been arrested yet?

  • by mikebhm,

    mikebhm mikebhm May 27, 2014 10:58 PM in response to kap_australia
    Level 1 (39 points)
    Accessibility

    Passcode advice question:

     

    My wife hates having passcode set on her iPad and iPhone. In the current situation I have persuaded her to set passcode on both, but with activation after the maximum option of four hours.

     

    In the event of being hacked would this allow recovery of control? or is the device at risk during the four hours?

     

     

    Two factor authentication question:

     

    This is not instant and I suspect Apple are likely to be swamped with people doing this...which may cause short term overload problems. Any comment?

     

    Thanks

  • by kap_australia,

    kap_australia kap_australia May 27, 2014 11:17 PM in response to mikebhm
    Level 1 (1 points)

    To address the current security breach, you simply need another way to make your device accessible. Either of the two options you have mentioned will work.

     

     

    If you have a passcode set regardless of its duration, a find my phone user cannot override it with another password.

     

    Two factor authentication will allow you to use a trusted device or your secret key to access your device. It should be instant unless you have recently changed your Apple ID password, which will mean that you will have to wait 3 days.

  • by Toasted111,

    Toasted111 Toasted111 May 27, 2014 11:19 PM in response to rvolkov
    Level 1 (8 points)

    It's now been reported at ZDNet http://www.zdnet.com/icloud-not-compromised-in-apple-id-attack-apple-7000029914/ that:

     

    Apple said: "Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."

     

    The "iCloud not compromised" tends to imply that Apple suggest users have, somehow, had their user ID / password disclosed and utilised.

     


  • by kap_australia,

    kap_australia kap_australia May 27, 2014 11:45 PM in response to veritylikestea
    Level 1 (1 points)

    I need some verification of the effectiveness of Two factor authentication without a passcode in this scenario.

     

    A 'hacker' would technically be able to issue a passcode using the Lost mode. However, depending on how it is done, it may require the hacker to approve the credential via a trusted device (two factor) or key, since it is the first time the Apple ID would have been used on that machine.
