It's possible that a breach of local services contributed to the attack. Bad passwords aren't the only problem here, though. Using the same password across multiple sites and devices compounded with bad, predictable password choices make individuals much more vulnerable to hackers. Victims themselves could have done things differently. As much as we warn people to make strong, difficult-to-crack passwords, few actually listen to this sound advice. Who's At Fault? Don't be so quick to blame the entire attack on flaws in Apple's security. This attacker entered the ransom message to appear on the phone for the victim to see. At this point, iCloud found the supposedly lost phone, locked it with the PIN, and displayed the ransom message. The attacker then put the victim's iPhone into "Lost Mode" and locked it with a PIN.
Once the hacker compromised the victim's iCloud account (social enginerring, brute-force password, etc), s/he activated the "Find My iPhone" on his or her own device and logged in as the victim. It seems that the crook behind this recent ransomware attack used the "Find My iPhone" features to remotely lock peoples' device and then demanded cash in exchange for unlocking their devices. This all sounds peachy, right? The problem is that if an attacker has access to your iCloud, she or he can do these exact same things as well.
Obviously once you realize your device isn't on you, you should put it in Lost Mode immediately and enter a passcode to prevent someone from accessing your personal information. For iPhones, this app lets users enter a message on its screen that asks for the owner to be called, remotely set a PIN for your phone, or erase all your data. As it's clear from the name, the app lets you pinpoint the location of your lost device. How The Hack HappenedThe "Find My iPhone", or iPad or Mac, service is a pretty handy app.
0 kommentar(er)
