
Hacking Apple ID?

  • Posted on: June 5, 2014 at 10:17 am
  • Posted in: Mac
  • Author: Warren Tsai (Product Manager)

The many announcements at Apple’s 2014 Worldwide Developers Conference (WWDC) this week were welcome news to the throngs of Apple developers and enthusiasts. They were also welcome news for another group of people with less than clean motives: cybercriminals.

Last week we got a concrete example of how some cybercriminals are now actively targeting Apple ID accounts. A thread in the Apple support forums was filled with users complaining that their devices had been locked, with a message from a certain “Oleg Pliss” demanding $100 to unlock the device. (The real Oleg Pliss is a developer for Oracle; his name appears to have been appropriated by the attackers.) Australian users appear to be the ones most affected by this attack.

How was this attack carried out? It appears that the Find my iPhone feature was abused. An attacker with the victim’s Apple ID credentials would be able to log into the Apple site providing this service, send the ransom message to the user, and lock the phone.

It’s unclear where the Apple ID credentials came from, but there are multiple possibilities. For example, we know that since last year phishing sites have tried to harvest Apple ID credentials. Reused passwords or social engineering may also have been used in this attack.

How could users recover from this attack? One way would be to restore a backup from iTunes. Unfortunately, many – perhaps even most – iPhone users are not particularly fastidious about backing up. One could try restoring from iCloud as well, but that would involve logging in with the user’s Apple ID account – which has been compromised by this very attack. As in any case where a user’s account has been compromised, recovery can be very difficult.

We will likely see more attacks trying to steal Apple IDs moving forward. For example, we can see routers with malicious DNS settings being used in man-in-the-middle attacks to try to steal credentials. Phishing attacks may increase as well. The value of a stolen Apple ID can only go up as more and more information is placed in it by users. For example, the introduction of HealthKit and HomeKit in iOS 8 may mean that even more intimate and personal information is tied, directly or not, to the Apple ID.

It’s a good reminder that despite Apple’s willingness to use mobile malware and vulnerabilities as a club against competitors, not all mobile threats can be so easily addressed and dismissed.

Figure 1. Apple criticizing Android fragmentation

So, what can users do? Our advice is similar to that for any other credential that needs to be protected:

  • Don’t reuse your password.
  • Use a secure password/passphrase.
  • Enable security features like two-factor authentication, if possible.

To be fair, some of these steps are harder to perform on a mobile device than a desktop or laptop. Entering a long password may be hard without a password manager (like DirectPass), for example. Despite this increased difficulty, it has to be done: it is now clear that mobile device credentials – like Apple ID – are a valuable target for cybercriminals.
