Hackers Using iCloud’s Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments

Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone.

With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here.


Apple allows users to access Find My iPhone without requiring two-factor authentication in case a person's only trusted device has gone missing.

2-factor authentication not required to access Find My iPhone and a user's list of devices.

Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device.


The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers.

Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.

It's easy to lock a Mac with a passcode in Find My iPhone if you have someone's Apple ID and password.

To prevent an issue like this, Apple users should change their Apple ID passwords, enable two-factor authentication, and never use the same password twice. Products like 1Password, LastPass, and even Apple's own iCloud Keychain are ideal ways to generate and store new passwords for each and every website.


Users who have had their Macs locked will need to erase their machines or restore from a backup to remove the lock if no passcode is available. Apple Support can offer specific assistance on the steps that need to be followed to remove the lock.

(Thanks, Eli!)


Discuss this article in our forums

Developer Hacks Apple Watch to Run Game Boy Emulator

Developer Gabriel O'Flaherty-Chan recently shared a project where he managed to get a Game Boy emulator he dubbed "Giovanni" running on the second-generation Apple Watch, allowing it to play Game Boy and Game Boy Color games.

According to O'Flaherty-Chan, it was a challenge finding the right balance "between framerate and performance," but he says the end result is a "surprisingly usable emulator." In GIFs shared in a blog post, the Apple Watch is displayed running Pokémon Yellow.


The Giovanni emulator, named after the villain in Pokémon Yellow, was built using open source code from Gambatte, an existing iOS emulator. It uses the Digital Crown and gestures for control purposes.

By allowing the user to pan on screen for directions, rotate the Digital Crown for up and down, and tap the screen for A, I was able to eliminate buttons until I was left with Select, Start, and B.

Touching the screen for movement isn't a great interaction, but being able to use the Crown worked out a lot better than originally anticipated. Scrolling through a list of options is basically what the Crown was made for, and if the framerate was even slightly higher, the interaction could almost be better than a hardware D-pad.
As Ars Technica points out, Giovanni is not something you should expect to see in the App Store -- it's more of a proof of concept than anything else. Apple does not allow emulators on the App Store, and O'Flaherty-Chan himself says it is afflicted with bugs due to the "constraints of watchOS," including the lack of support for OpenGL and Metal.

The Giovanni source code is, however, available on Github for anyone to download, and the blog post behind the creation of Giovanni is worth reading for anyone interested in the development process.

Tags: hack, emulator

Discuss this article in our forums

This Android malware is hacking into your Google account to install apps

Https%3a%2f%2fblueprint-api-production.s3.amazonaws.com%2fuploads%2fcard%2fimage%2f302314%2fap_917826219528

Feed-twFeed-fb

Your Google accounts could have been compromised if you own a Android phone, thanks to a new malware variant known as “Gooligan.”

The malware has infected more than 1 million accounts, according to research released Wednesday from cyber security company Check Point, and that figure is growing by a massive 13,000 devices per day.

In August, Gooligan emerged as a complex malware that infects devices after users download apps from third party stores. It was originally related to a malicious app from 2015 named SnapPea. 

The malware steals authentication tokens that can be used to access data from Google Play, Gmail, Google Docs, Google Drive and more. The malware installs certain apps on a user’s phone and highly rates them. Its main mission is to install adware to generate revenue for those apps, reportedly raking in as much as $320,000 a month. Read more…

More about Gooligan, Malware, Hack, Apps, and Android