Reports of iOS devices have been hacked

[Xairbusdriver]

Condensed report and how to restore from this problem are <here at MacIssues>. Here's a link to <Apple's Discussions> (already at 10 pages worth of posts in just a few hours) which may be more difficult to follow...

Seems to be mainly in South Pacific area and for iDevices not using any passcode!

My only suggestion is to at least have a passcode in place. Might be good to also change/make a very strong password for your Apple ID (you do have a good password manager, right?) and completely turn your devices off before bed tonight. Seems the hackers are attempting to avoid detection by doing their work when the owners are asleep.

Pictures at ten?

[Xairbusdriver]

Now 18 pages of posts. Those hit still seem to be in Australia. Avoid traveling there for a few weeks.

[jchuzi]

iOS Ransom Hack Spreading to US

[Xairbusdriver]

I notice Topher is suggesting turning Find My iDevice OFF, while the original post at the Apple Discussions said just the opposite. It may be(?) tedious(!) to see if that first post suggestion changed. Trouble is, everyone is muddling around in the dark, swinging at noises instead of real bugs. Mean while, certain parts of Apple are very busy, I'm sure.

If your iDevice does get hacked/locked, whatever you do, DO NOT offer to PAY any RANSOM! There are simple, effective ways to Restore you device, assuming you made a recent backup. And then, buy or download a decent password manager and use it religiously. The first one you need to create is a new Apple ID, of course.

[kimmer]

Dumb question I know, but remember I've been a bit distracted the past several months ... so how do I find out if one of us signed up for "Find My iDevice"?

[daryl66]

QUOTE(kimmer @ May 27 2014, 08:12 PM) <{POST_SNAPBACK}>

Dumb question I know, but remember I've been a bit distracted the past several months ... so how do I find out if one of us signed up for "Find My iDevice"?

With the iPhone and iPad:    Settings>iCloud>radio button for "find my iPhone/iPad

HTH

Daryl

[Xairbusdriver]

The only consistent fact seems to be not having a passcode. Having a weak, simple, easily guessed Apple ID will certainly make things easier for the assault, of course. I think another factor will turn out to be the use of the same password at multiple sites.

[kimmer]

QUOTE(daryl66 @ May 27 2014, 06:58 PM) <{POST_SNAPBACK}>

QUOTE(kimmer @ May 27 2014, 08:12 PM) <{POST_SNAPBACK}>

Dumb question I know, but remember I've been a bit distracted the past several months ... so how do I find out if one of us signed up for "Find My iDevice"?

With the iPhone and iPad:    Settings>iCloud>radio button for "find my iPhone/iPad
HTH

Daryl

   Thank you, Daryl. Much appreciated.

For now I've turned off "find my iPad". Our iPad requires the 4-character password to use it. The password to my appleid is considered "strong", and it's not used anywhere else; but I could change it.

In fact, in rereading the one article I read the suggestion that I change my appleid password. Is this recommended by Apple? Did the hacker(s) get our appleids and password? Or is this all unknown? I'm so brain burned these days that I've yet to get all my heartbleed passwords changed. Yeah, shame on me. The med staff tells me I have over stressed brain.

[Xairbusdriver]

They probably tried passwords they got form other hacked sites. But they tried them on iDevices they "found" where the owners failed to create a passcode. They could then "easily" send the ransom note. I haven't heard of anyone actually having their iDevice wiped but that is possible once the Apple ID was verified. That's why changing your Apple ID is a save guard for this event. Of course, if it is absolutely never used anywhere else, it should be fine. Apple has, reportedly, denied that any of those ID's have been stolen from iCloud. But if the ID was 'discovered' in use at another, hacked site, iCloud storage access is not needed.

A four digit password is not considered safe in any criteria I know of, but that is what the vast majority of iDevice owners use. That is only 9,999 combination since the only characters are the ten digits. Using the stronger method allows all the characters on the keyboard to be used; 52 letters, ~30 symbols and punctuation, plus the ten digits and with a much larger length. But Apple didn't even make that available in the first versions of iOS!

My opinion: "find My..." Is not the problem, weak/short passcode and using your Apple ID anywhere except at Apple is the problem. YMMV.

[Xairbusdriver]

QUOTE

with all these hacking stories flying around it almost feels like nowhere on the internet is safe and it is just a matter of time before I am a victim

QUOTE

Yup. If that's what you've learned from this, that's a good thing. Keep that attitude in the front of your mind with everything you do with your electronic devices. That knowledge is the best thing for protecting you against being a victim, just as keeping a close eye on your surroundings can keep you from being mugged.

Perhaps at least some good is coming from this.

Another thought on turning Find My... off; if you do, you won't be able to protect your iDevice, when it's stolen. Also, be sure to keep making regular (daily?) backups of your device since your main recourse will be to Restore from a local backup.

[Xairbusdriver]

Russian authorities have arrested some 'hackers' supposedly responsible for the "Oleg Pliss" <ransom problem>. Maybe, I find it hard to believe such a sweet looking young man pictured <here> would ever do such a thing. As the mother's of local young hoodlums around here usually say, "He's really a nice boy. I don't know where he got that gun... or the ammunition... or the car, he's too young to have a license!"

QUOTE("MKRU")

"The young man never studied or worked and was always looking for easy ways to make money," MKRU said of Ivan.

How true! It's like, ya know, the first thing leads right to the second! Amazing! It took this creep only 23 years to figure this out? And I though some of our schools were bad...