Hackers Using iCloud’s Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments

Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone.

With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here.


Apple allows users to access Find My iPhone without requiring two-factor authentication in case a person's only trusted device has gone missing.

2-factor authentication not required to access Find My iPhone and a user's list of devices.

Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device.


The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers.

Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.

It's easy to lock a Mac with a passcode in Find My iPhone if you have someone's Apple ID and password.

To prevent an issue like this, Apple users should change their Apple ID passwords, enable two-factor authentication, and never use the same password twice. Products like 1Password, LastPass, and even Apple's own iCloud Keychain are ideal ways to generate and store new passwords for each and every website.


Users who have had their Macs locked will need to erase their machines or restore from a backup to remove the lock if no passcode is available. Apple Support can offer specific assistance on the steps that need to be followed to remove the lock.

(Thanks, Eli!)


Discuss this article in our forums

Apple Removes Tool to Check if an iPhone or iPad is Activation Locked

Apple has removed its Activation Lock status checker on iCloud.com at some point in the past few days. The tool enabled users to enter the serial number or IMEI of an iPhone, iPad, or iPod touch and find out if the device is secured with Activation Lock, helping buyers avoid purchasing a device locked to another user.

checkactivationlockstatus
A user purchasing a used iPhone on eBay or another website, for example, was able to request the device's serial number and use Apple's tool to verify that Activation Lock had been turned off. If the device was still locked, or if the seller refused to provide the serial number, then it was likely lost or stolen.

The iCloud page where the tool was available now returns a "Not Found" page aka 404 error. Apple also removed the following reference to the tool from a related Find My iPhone support document earlier this week:
How do I check for Activation Lock before purchasing a used device?

When you buy an iPhone, iPad, iPod touch, or Apple Watch from someone other than Apple or an authorized Apple reseller, it is up to you to ensure that the device is erased and no longer linked to the previous owner’s account.

You can check the current Activation Lock status of a device when you visit icloud.com/activationlock from any Mac or PC.
Apple has not explained why it removed the page. The company did not immediately respond to a request for comment.

Activation Lock, enabled automatically when you turn on Find My iPhone, is designed to prevent anyone else from using your iPhone, iPad, iPod touch, or Apple Watch if it is ever lost or stolen. A device with Activation Lock enabled requires the owner's Apple ID and password before it can be used, even if it is erased or reactivated.

Last year, a number of users who purchased a brand new iPhone experienced an Activation Lock issue where their device was locked to someone else's Apple ID. Apple disabled Activation Lock for affected users upon being provided proof of purchase, but it is unclear if the strange issue factored into the page's removal.

Activation Lock was introduced alongside iOS 7. The tool to check the Activation Lock status of a device had been available since October 2014.


Discuss this article in our forums