There are reports coming out of Australia about iPhones and iPads somehow getting locked down by Find my iPhone, in some cases with a message claiming the devices will only be unlocked if an AU$100 ransom is paid. What makes this bizarre is that it appears to be happening only in Australia, even though the internet has no borders, and it's unclear how the attackers are accessing Find my iPhone for the devices in question. So, what's going on?
One theory is that some other service was hacked and because people were using the same email and password combinations for that service and their Apple IDs, the attacker could access their iPhones and iPads online via Find my iPhone as well. But why just Find my iPhone, why only some hostage messages, and why AU$100? It feels almost more like the hack equivalent of stealing a car for a joy ride.
Whatever this turns out to be, the story should serve as yet another reminder to everyone to use strong, unique passwords for Apple ID and for any other critical internet account you have, including Google, Amazon, or anything tied to your communications or credit cards.
Yes, strong, unique passwords are more difficult and tedious to use, and you will almost certainly require a password manager app to use them effectively, but the extra effort is more than worth it based on the protection they provide. It means that if any one service is ever hacked, you'll only have to worry about that service, not every other one that uses the same email address and password.
Second, set up and use two-step authentication for your Apple ID and for Google and any other critical service you use that supports it. Again, it's a far greater pain in the apps than not using it, but it affords a much higher level of protection because even if someone gets your password, that's only 1 of the 2 steps. It makes taking over your account immeasurably more difficult.
Also, if there are security questions, pick non-guessable answers and store them in your password manager as well. Attackers can find out the name of your first pet, first friend, or street you grew up on. It's immeasurably harder to compromise random characters or words you stuck in as answers.
If you're one of the people already affected, and there's no immediately obvious way for you to unlock the device directly, you can try to put your iPhone or iPad into recovery mode or DFU mode and then restore from the latest iCloud backup, or, if old-school, restore from the most recent iTunes backup.
If it looks like the password has been changed, go to Apple ID password recovery and reset your password — strong and unique! — to regain control of the account. If that doesn't work, go to the Apple Store or call AppleCare support with your proof of purchase.
We're still looking into the story, and we'll report back if and when we find out more. Apple has a phenomenal security team and Apple typically offers tremendous customer service as well. Since this incident has been widely reported, it's probably safe to assume Apple has seen it too, though it will no doubt take time to figure out, both in terms of the hack and how best to recover from it. Whether there's anything Apple can do on their end, or whether it's really just a matter of all of us using better, stronger, unique passwords, remains to be seen.
If you've experienced this hack, recovered from it, or have any advice or opinions in general to share, please let me know in the comments.
Rich Edmonds contributed to this article