Hackers have threatened to remotely wipe 300 Million iPhones unless Apple pays a ransom of $75,000 in crypto-currency or $100,000 worth of iTunes gift cards. IT security experts from FireMon, AlienVault, DomainTools, Tripwire, Comparitech.com and ESET commented below.
Paul Calatayud, Chief Technology Officer at FireMon:
“I believe these claims are accurate, but also most likely not caused by Apple. If you do not add two factor strong authentication to any account, there is a chance that the password has been exposed, harvested, or guessed. For example, if my e-mail account happens to be from yahoo, and that account is affected by the breach that just occurred, then there is a chance that the attackers are already able to compromise other accounts I hold such as my appleid. I suspect Apple is well aware of this and their position will be to quickly assist anyone that may be affected by providing them options to re protect their account, but since it’s not Apple that most likely was not a contributor to the compromises, they will not be paying any ransoms.”
Chris Doman, Security Researcher at AlienVault:
“The attackers do seem desperate for publicity. Yesterday a Twitter account (turkcrimefamily) and Website (turkishcrimefamily[.]org) were created in their name, and today they claimed “The number of Apple credentials have increased from 519m to 627m, we are convinced it will keep growing until 7 April 2017”.
Apple has some of the best security people in the business, and it seems hard to believe they would have lost control of hundreds of millions of accounts. The attackers may have taken control of a small number of accounts, through everyday iCloud phishing attacks, and used that as ‘evidence’ to justify their more outlandish claims.
Apple users should be suspicious of any unexpected messages from Apple asking them to enter their credentials.”
Kyle Wilhoit, Senior Security Researcher at DomainTools:
“Without verifiable proof, there is no way to say this is a valid threat. The conflicting information from the attackers themselves doesn’t lend credence to their ransom. Because of this lack of evidence, there’s not much you can do. But, there are basic preventative privacy and security setting changes on your iPhone that can help protect against many different types of attacks. First, ensure your iPhone is up to date. In addition, disable fingerprint security with Touch ID. This will prevent purchases by using your fingerprint as authentication. Also, prevent other applications from uploading your data. For instance, don’t let Twitter access your iPhone contacts. For those that are paranoid about this, I would also recommend changing your password.”
Lamar Bailey, Sr. Director, Security R&D at Tripwire:
“If this is legit the hackers would have had to obtain access to the individual user accounts via breaking the passwords of each of the user accounts or have acquired access to the Apple iCloud servers. The access to each user account is much more realistic since we have seen numerous reports of all the weak passwords people use for their computers and accounts. If the hackers have password access to individual user account they can erase phones remotely and change passwords for the Apple accounts. The hackers cannot remove backups for Apple devices from the cloud but changing the passwords will make it hard for the legitimate users to reset and recover their devices. Once the end user has access to their account they will be able to restore their device.
For end users make sure you are using strong passwords and enable 2 factor authentication as an added protection. Having a local backup of your device is always a good idea too. It is faster to restore a device locally than over the internet and having a small NAS (network Attached Storage) device at home for pictures and backups is a good investment to supplement the cloud backups.
This whole ransom seems odd. What are the hackers going to turn over the breached accounts? Why ask for iTunes gift cards? They have unique numbers that can be tracked and deactivated in seconds.”
Lee Munson, Security Researcher at Comparitech.com:
“It may not just new owners of new iPhones who will be seeing red soon, if an alleged group of Turkish hackers fulfils its promise to remotely wipe iPhone and iCloud accounts.
“Whether the group has the means to do as it claims is debatable – supposed correspondence with Apple and a YouTube video showing the takeover of an account may well have been faked – but what is not up for debate is Apple’s resolve to not pay a ransom to make the group back down.
“While Apple’s stance that it will “not reward cyber criminals for breaking the law” is the right one to take, I cannot help but wonder if the option to pay $100,000 in iTunes gift cards, rather than $75,000 in untraceable cryptocurrency, could have been explored in association with law enforcement.
“While not entirely fool proof, the spending of those gift cards could have offered up valuable clues which could have led to the apprehension of those responsible for this interesting new form of ransom demand.”
Ondrej Kubovič, Security Specialist at ESET:
“We advise all our users to regularly backup their (valuable) data and store it on external drives that are not constantly connected to the network. This kind of prevention is very effective not just for cases such as the one described in the article, but also against ransomware attacks, which are very frequent across various platforms – including mobile.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.