iPhones and iPads held for Ransom

You may have already read about users who find their iPhone or iPad locked, with instructions for wiring money to ransom the device. Given the amount of data – both work and personal – that we have on our devices, that is a pretty serious breach of security.

How widespread is it?

Although most ransoms have occurred in Australia, there are reports that it has begun to spread to the United States. This is a good time to review your phone security to prevent these types of attacks and loss of your data.

Although recent attacks have focused on the iPhone, we’ve included some security tips for Android at the end of this article as well.

How to prevent it (iPhone/iPad)

  1. This particular attack can be prevented by enabling a four-digit passcode on your iOS device. The attacker sets a PIN as part of the attack, so if you've already set one, the attacker cannot.
  2. Protect your Apple ID. The password for your Apple ID should be strong, and it should not be used for any of your other accounts. See below for how to create a strong password.
  3. Set up two-step verification. This will prevent an attacker from gaining control of your account or device without physical access to the phone or iPad.

Security tips for Android devices

  1. Set up a PIN or password on your phone. If your phone is lost or stolen, this can help prevent access to its data.
  2. Use a strong password. See below for an explanation. Don’t use your Gmail password for any other accounts. Note that logging in to sites using the “Sign in with Google” button isn’t a security issue.
  3. Set up two-factor authentication on your Google/Gmail account. This will prevent an attacker from accessing your Gmail account and other Google accounts without physical access to your phone or tablet.

What does it mean to use a strong password?

  • Don’t use any word(s) that can be found in a dictionary.
  • Don’t think that simple substitution (@ for a, $ for S, etc.) will work. For example, D4ch$hund is still a BAD password and is easily guessed.
  • Use a password that is seemingly random and relatively long. For example, T4nwT!agtuaspw is a much better choice.
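
Why simple substitution fails can be shown in code. The following is an added example, not part of the original article: it undoes common look-alike substitutions and then searches the result for a dictionary word. The wordlist and substitution table are small constructed samples, and the function names are assumptions.

```python
import itertools

# Constructed sample wordlist; a real check would load a large dictionary file.
WORDLIST = {"dachshund", "password", "monkey", "sunshine"}

# Assumed, non-exhaustive table of look-alike substitutions.
# Some symbols can stand for more than one letter, so values may hold several.
LEET = {"4": "a", "@": "a", "3": "e", "1": "il", "!": "il",
        "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"}


def readings(password, limit=4096):
    """Yield letter readings of a password with substitutions undone.

    Every ambiguous symbol multiplies the number of readings, so the
    output is capped at `limit` to keep long inputs cheap to check.
    """
    options = [LEET.get(ch, ch) for ch in password.lower()]
    for combo in itertools.islice(itertools.product(*options), limit):
        yield "".join(combo)


def dictionary_word_in(password, wordlist=WORDLIST, min_len=4):
    """Return a dictionary word hidden inside the password, or None."""
    for reading in readings(password):
        for word in sorted(wordlist):
            # Substring match also catches padding such as "My...1".
            if len(word) >= min_len and word in reading:
                return word
    return None


if __name__ == "__main__":
    # The first two samples are the article's own examples; the third is constructed.
    for sample in ("D4ch$hund", "T4nwT!agtuaspw", "MyP@ssw0rd1"):
        hit = dictionary_word_in(sample)
        verdict = f"contains '{hit}'" if hit else "no dictionary word found"
        print(f"{sample}: {verdict}")
```

A password that returns None has passed only this one test; it still needs to be long and seemingly random.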

How do you remember such a password?

  • Make up a sentence you can remember, and use the first one or two letters of each word as your password.
  • Use a password manager. Some examples are LastPass and KeePass. If you use a password manager, it is CRITICAL that you set a strong password on the account and never use that password for any other accounts. You should also set up two-factor authentication for added security.

More security tips

  • Don’t share passwords across critical accounts like banking sites, password managers, medical sites, etc.
  • Don’t use your work password on other sites.
  • Don’t put easily guessed or discovered information into password reset fields. For example, if you set up your maiden name as a hint question, don’t use your actual maiden name as the answer. Many people who know you know your maiden name, and it’s probably easily discovered from your Facebook page or other social networks.


Further reading

Although we have included links with instructions and for further reading, IT is happy to help you personally with any security concerns or questions you have.

Hackers are using Find My iPhone to Hold iOS Devices for Ransom

Apple iPhones, iPads Held for Ransom: What Happened and What You Can Do

Symantec: Security Response
