What would you do if you woke up tomorrow morning to find your iPhone was locked with a message that the only way you could unlock it was to pay a $100 ransom? That’s exactly what happened this week to many iPhone owners in Australia and is starting to happen to iPhone owners in the US and UK.
A hacker using the name Oleg Pliss is accessing iPhones and iPads through the Find My iPhone app and locking the devices remotely, demanding payments of $100 to unlock them. Many people are speculating that the hacker has obtained emails and passwords from other accounts and is using the information to access user accounts on Find My iPhone.
Apple has issued the following statement that iCloud has not been compromised:
Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.
Many passwords have become exposed recently through the hacking of major websites such as eBay, as well as through the Heartbleed bug. See, Heartbleed – The Internet Security Flaw That Should Command Your Attention Now for more information about Heartbleed.
If you still are using the same passwords for multiple websites now is the time to correct that vulnerability. See, How to Create a Strong Password and Why You Should Do This Now to learn about creating a strong password.
How to Protect Your iPhone from Being Hijacked
To protect yourself from your iPhone being hijacked, you should take the following steps. While there is no 100% guarantee of securing your iPhone, these steps will go a long way towards making your iPhone more safe from hijacking.
You can protect your Apple account by enabling Two-Step Verification. With this feature enabled Apple will send you a special passcode via text message any time you try to log into your Apple account from a new device. You won’t be able to access your Apple account from the new device until you’ve entered the passcode.
To enable Two-Step Verification for your Apple ID, go to the Apple ID page and click My Apple ID. Sign into your account and Go to Password and Security and follow the steps for Two-Step Verification.
When you sign up for Two-Step Verification, Apple will give you a Recovery Key you can use to access your account in case you lose your phone or forget your password.
You can learn more about Two-Step Verification from the Apple Help page.
Change Your Apple ID Password
If your Apple ID password is the same as the one you use for any other account, you should change it right now. Go to the Apple ID page and click My Apple ID. Go to Password and Security and then Change Password.
Apple now has more stringent requirements for passwords:
Back Up Your iDevices to iTunes on Your Computer
If your iPhone is hijacked, you will need to reset your phone which will wipe all of your data from it. If you’ve previously backed up your iDevices to iTunes on your computer, you’ll be able to recover the backed up data.
Back it up now.
Put a Passcode on Your iPhone
If you don’t have a passcode on your iPhone, now is the time to add one. Go to:
Settings ➛ Passcode ➛ Turn Passcode On
You will be asked to enter a passcode and verify it.
If Your iPhone Is Hijacked
If you are one of the unfortunate ones whose iPhone has been hijacked, the good news is that you can unlock your phone without paying the ransom. The bad news is that you may lose the data on your phone. Whatever you do, don’t pay the $100 ransom!
If your phone is passcode protected, enter the passcode and your phone should be unlocked. If your phone isn’t passcode protected, then getting access to your phone becomes much more difficult as the hacker can remotely set a passcode for your device.
You can take your iPhone to an Apple retail store to have your iPhone reset. This will wipe your data from your phone and erase it to factory settings.
If you aren’t able to visit an Apple store, you can follow the steps listed in the Apple forum to reset your device.
Some people in the Apple forum have reported being able to back up their iPhones to iTunes on their computers even though their phone was locked.
Have you heard about iPhones being hijacked? Have you reset your Apple ID password and enabled Two-Step Verification? Do you have your iPhone passcode protected? Let us know in the Comments section below!