iPhone about to be found/hijacked. So maybe best to turn off 'find my phone'.

alanwarwic · 27-05-2014, 13:44

http://theinquirer.net/inquirer/news...sers-to-ransom

""If customers have any questions about their Apple devices, they should speak directly to Apple," while Vodafone said that those experiencing the issue should "speak with Apple as they are best placed to offer comment on their services".

The networks are blaming Apple but, unless someone corrects me, for now I would say it looks best to turn off the feature.

swordman · 27-05-2014, 13:50

Wow will be turning that off until some certainty arises. Very worrying

Mystic Eddy · 27-05-2014, 14:46

Enable two step verification. That will stop anyone using your account on an unverified device.

alanwarwic · 27-05-2014, 14:47

Rumours have it that iCloud is compromised, at least for affected users, and it is done via there.

http://www.digitalspy.co.uk/tech/new...ng-ransom.html

kidspud · 27-05-2014, 15:10

Quote:

Originally Posted by Mystic Eddy

Enable two step verification. That will stop anyone using your account on an unverified device.

Even having a passcode will let you resolve the problem. Panic over

I can get back to dealing with the ebay hack now.

alanwarwic · 27-05-2014, 15:53

Quote:

Originally Posted by kidspud

Even having a passcode will let you resolve the problem. Panic over

I can get back to dealing with the ebay hack now.

Even changing your password will let you resolve the ebay problem.
Double panic over maybe.

I say MAYBE because the full info source on this issue is quiet. That being Apple.
Rumour is not a resolution just like rumour does not always confirm a problem.

At the mo it looks like a double move to go to 2 step and turn off find my phone is currently the best move.

kidspud · 27-05-2014, 16:22

Quote:

Originally Posted by alanwarwic

Even changing your password will let you resolve the ebay problem.
Double panic over maybe.

I say MAYBE because the full info source on this issue is quiet. That being Apple.
Rumour is not a resolution just like rumour does not always confirm a problem.

At the mo it looks like a double move to go to 2 step and turn off find my phone is currently the best move.

IvanIV · 27-05-2014, 16:44

2 step verification is a good idea anyway. They can get hands on your password, but it will be useless. Apple should prompt their customers to do it.

Lyceum · 27-05-2014, 20:06

So Apple still make you wait three days before you can actually activate two step verification? When I first set it up I had to wait three days to activate it. What sense does that make?

Until Apple figure out how this is happening we're all playing guess saying 'turn this feature off' of 'turn that feature off'.

After just ten minutes on google I've already been advices to turn off iCloud. Find my phone and change my passwords for pretty much everything.

psionic · 27-05-2014, 21:01

Quote:

Originally Posted by Lyceum

So Apple still make you wait three days before you can actually activate two step verification? When I first set it up I had to wait three days to activate it. What sense does that make?

Until Apple figure out how this is happening we're all playing guess saying 'turn this feature off' of 'turn that feature off'.

After just ten minutes on google I've already been advices to turn off iCloud. Find my phone and change my passwords for pretty much everything.

No I don't think so. I activated 2-step over a year ago, i'm certain it all happened instantly.

Lyceum · 27-05-2014, 21:14

Quote:

Originally Posted by psionic

No I don't think so. I activated 2-step over a year ago, i'm certain it all happened instantly.

Yes they do.

Just gone through it with a friend and she had no idea what it was. Told her to come back on the 30th to activate.

psionic · 27-05-2014, 21:14

Quote:

Originally Posted by alanwarwic

http://theinquirer.net/inquirer/news...sers-to-ransom

""If customers have any questions about their Apple devices, they should speak directly to Apple," while Vodafone said that those experiencing the issue should "speak with Apple as they are best placed to offer comment on their services".

The networks are blaming Apple but, unless someone corrects me, for now I would say it looks best to turn off the feature.

Details are very sketchy at the moment. It could be passwords being compromised somehow. Getting hold of an iCloud password you could utilise the Find My iPhone service to lock the device and push a message to and create a PIN.

It doesn't seem that widespread at the moment, mainly in certain states of Aus. What I have noticed in recent months is a definite increase of phishing emails purporting to be from Apple (complete with spelling mistakes and all sorts of basic errors) asking you to reset your Apple ID password with links going to all sorts fake sites.

What's interesting is that Paypal have confirmed that no account is associated with the address the hack is allegedly demanding payment on.
http://www.idownloadblog.com/2014/05...-in-australia/

psionic · 27-05-2014, 21:16

Quote:

Originally Posted by Lyceum

Yes they do.

Just gone through it with a friend and she had no idea what it was. Told her to come back on the 30th to activate.

Fair enough not tried it recently, but definitely didn't need this delay originally.

IvanIV · 27-05-2014, 21:44

In what way do they deliver the code? With MS account you can choose an app, email, or text. It also switches immediately. There is no reason why Apple could not do it as well. I'd wait with changes to email and phone numbers, but when somebody else gets in they can do more damage than to turn on 2 step verification.

alanwarwic · 27-05-2014, 21:54

Methinks with Apple iMessage involved too, 2 step via a text needs to be implimented more slowly or maybe not via that method.

I can see why they are cautious.

Lyceum · 27-05-2014, 22:05

Quote:

Originally Posted by psionic

Fair enough not tried it recently, but definitely didn't need this delay originally.

Bloody ridiculous waiting time. 24 hours maybe but what possible reasons could there be for a three day wait time.

psionic · 27-05-2014, 22:13

Quote:

Originally Posted by IvanIV

In what way do they deliver the code? With MS account you can choose an app, email, or text. It also switches immediately. There is no reason why Apple could not do it as well. I'd wait with changes to email and phone numbers, but when somebody else gets in they can do more damage than to turn on 2 step verification.

If Find My Phone is turned on, the code is pushed as a popup on your trusted device(s). Otherwise SMS is used.

http://support.apple.com/kb/ht5570 (according to that the waiting period to set up 2-step verification is when significant changes were made to your account info)

IvanIV · 27-05-2014, 22:20

Quote:

Originally Posted by psionic

If Find My Phone is turned on, the code is pushed as a popup on your trusted device(s). Otherwise SMS is used.

http://support.apple.com/kb/ht5570 (according to that the waiting period to set up 2-step verification is when significant changes were made to your account info)

With delaying this change for three days they keep the accounts vulnerable. They may want to inspire themselves by MS. You can use an authenticator app that is paired up with the account and generates codes even when offline.

Lidtop2013 · 27-05-2014, 22:20

But I don't want to turn off find my iphone, knowing my luck if I turn it off I'll lose the phone tomorrow lol

Mystic Eddy · 27-05-2014, 22:32

I activated two step verification earlier today and it was done instantly. Must've been a deluge of accounts wanting two step enabled for the wait to be imposed.

IvanIV · 27-05-2014, 23:07

2 step login is one thing. The question is how the hacker gets into one's Apple account. Stolen passwords or something worse? There was a report of such a vulnerability a while ago. Or is this Apple's own Heartbleed.

swordman · 27-05-2014, 23:18

Seems not limited to just iphone too. Not going to be happy if Apple respond with their usual 'speed'.

psionic · 27-05-2014, 23:22

Quote:

Originally Posted by IvanIV

2 step login is one thing. The question is how the hacker gets into one's Apple account. Stolen passwords or something worse? There was a report of such a vulnerability a while ago. Or is this Apple's own Heartbleed.

There was the goto fail bug which made the news a few months ago, but apparently existed for long time, which was Apple's SSL/TLS vulnerability. Although it's since been patched, perhaps some passwords were compromised using that?

IslandNiles · 27-05-2014, 23:37

I suppose it could be anything, but I would think the most likely option is passwords stolen elsewhere that users also had for their Apple ID.

This sort of thing happened with Tesco a couple of months ago. They were slated for being insecure but it turned out to be hacked data from somewhere else being used to access Tesco accounts.

IvanIV · 27-05-2014, 23:39

Quote:

Originally Posted by swordman

Seems not limited to just iphone too. Not going to be happy if Apple respond with their usual 'speed'.

They sooner make the hacker give them 30% cut

It's always such a hush-hush operation with them.

27-05-2014, 13:44	#1
alanwarwic Forum Member Join Date: Oct 2003 Location: the wild world web Posts: 28,132	iPhone about to be found/hijacked. So maybe best to turn off 'find my phone'. http://theinquirer.net/inquirer/news...sers-to-ransom ""If customers have any questions about their Apple devices, they should speak directly to Apple," while Vodafone said that those experiencing the issue should "speak with Apple as they are best placed to offer comment on their services". The networks are blaming Apple but, unless someone corrects me, for now I would say it looks best to turn off the feature.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

27-05-2014, 13:50	#2
swordman Forum Member Join Date: Oct 2010 Posts: 6,342	Wow will be turning that off until some certainty arises. Very worrying

27-05-2014, 14:46	#3
Mystic Eddy Forum Member Join Date: Apr 2006 Posts: 3,885	Enable two step verification. That will stop anyone using your account on an unverified device.

27-05-2014, 14:47	#4
alanwarwic Forum Member Join Date: Oct 2003 Location: the wild world web Posts: 28,132	Rumours have it that iCloud is compromised, at least for affected users, and it is done via there. http://www.digitalspy.co.uk/tech/new...ng-ransom.html

27-05-2014, 15:10	#5
kidspud Forum Member Join Date: May 2010 Posts: 11,501	Quote: Originally Posted by Mystic Eddy Enable two step verification. That will stop anyone using your account on an unverified device. Even having a passcode will let you resolve the problem. Panic over I can get back to dealing with the ebay hack now.

27-05-2014, 15:53	#6
alanwarwic Forum Member Join Date: Oct 2003 Location: the wild world web Posts: 28,132	Quote: Originally Posted by kidspud Even having a passcode will let you resolve the problem. Panic over I can get back to dealing with the ebay hack now. Even changing your password will let you resolve the ebay problem. Double panic over maybe. I say MAYBE because the full info source on this issue is quiet. That being Apple. Rumour is not a resolution just like rumour does not always confirm a problem. At the mo it looks like a double move to go to 2 step and turn off find my phone is currently the best move.

27-05-2014, 16:22	#7
kidspud Forum Member Join Date: May 2010 Posts: 11,501	Quote: Originally Posted by alanwarwic Even changing your password will let you resolve the ebay problem. Double panic over maybe. I say MAYBE because the full info source on this issue is quiet. That being Apple. Rumour is not a resolution just like rumour does not always confirm a problem. At the mo it looks like a double move to go to 2 step and turn off find my phone is currently the best move.

27-05-2014, 16:44	#8
IvanIV Forum Member Join Date: May 2006 Posts: 25,199	2 step verification is a good idea anyway. They can get hands on your password, but it will be useless. Apple should prompt their customers to do it.

27-05-2014, 20:06	#9
Lyceum Forum Member Join Date: Nov 2009 Posts: 3,124	So Apple still make you wait three days before you can actually activate two step verification? When I first set it up I had to wait three days to activate it. What sense does that make? Until Apple figure out how this is happening we're all playing guess saying 'turn this feature off' of 'turn that feature off'. After just ten minutes on google I've already been advices to turn off iCloud. Find my phone and change my passwords for pretty much everything.

27-05-2014, 21:01	#10
psionic Forum Member Join Date: May 2002 Location: Crystal Palace TX Posts: 19,702	Quote: Originally Posted by Lyceum So Apple still make you wait three days before you can actually activate two step verification? When I first set it up I had to wait three days to activate it. What sense does that make? Until Apple figure out how this is happening we're all playing guess saying 'turn this feature off' of 'turn that feature off'. After just ten minutes on google I've already been advices to turn off iCloud. Find my phone and change my passwords for pretty much everything. No I don't think so. I activated 2-step over a year ago, i'm certain it all happened instantly.

27-05-2014, 21:14	#11
Lyceum Forum Member Join Date: Nov 2009 Posts: 3,124	Quote: Originally Posted by psionic No I don't think so. I activated 2-step over a year ago, i'm certain it all happened instantly. Yes they do. Just gone through it with a friend and she had no idea what it was. Told her to come back on the 30th to activate.

27-05-2014, 21:16	#13
psionic Forum Member Join Date: May 2002 Location: Crystal Palace TX Posts: 19,702	Quote: Originally Posted by Lyceum Yes they do. Just gone through it with a friend and she had no idea what it was. Told her to come back on the 30th to activate. Fair enough not tried it recently, but definitely didn't need this delay originally.

27-05-2014, 21:44	#14
IvanIV Forum Member Join Date: May 2006 Posts: 25,199	In what way do they deliver the code? With MS account you can choose an app, email, or text. It also switches immediately. There is no reason why Apple could not do it as well. I'd wait with changes to email and phone numbers, but when somebody else gets in they can do more damage than to turn on 2 step verification.

27-05-2014, 21:54	#15
alanwarwic Forum Member Join Date: Oct 2003 Location: the wild world web Posts: 28,132	Methinks with Apple iMessage involved too, 2 step via a text needs to be implimented more slowly or maybe not via that method. I can see why they are cautious.

27-05-2014, 22:05	#16
Lyceum Forum Member Join Date: Nov 2009 Posts: 3,124	Quote: Originally Posted by psionic Fair enough not tried it recently, but definitely didn't need this delay originally. Bloody ridiculous waiting time. 24 hours maybe but what possible reasons could there be for a three day wait time.

27-05-2014, 22:13	#17
psionic Forum Member Join Date: May 2002 Location: Crystal Palace TX Posts: 19,702	Quote: Originally Posted by IvanIV In what way do they deliver the code? With MS account you can choose an app, email, or text. It also switches immediately. There is no reason why Apple could not do it as well. I'd wait with changes to email and phone numbers, but when somebody else gets in they can do more damage than to turn on 2 step verification. If Find My Phone is turned on, the code is pushed as a popup on your trusted device(s). Otherwise SMS is used. http://support.apple.com/kb/ht5570 (according to that the waiting period to set up 2-step verification is when significant changes were made to your account info)

27-05-2014, 22:20	#18
IvanIV Forum Member Join Date: May 2006 Posts: 25,199	Quote: Originally Posted by psionic If Find My Phone is turned on, the code is pushed as a popup on your trusted device(s). Otherwise SMS is used. http://support.apple.com/kb/ht5570 (according to that the waiting period to set up 2-step verification is when significant changes were made to your account info) With delaying this change for three days they keep the accounts vulnerable. They may want to inspire themselves by MS. You can use an authenticator app that is paired up with the account and generates codes even when offline.

27-05-2014, 22:20	#19
Lidtop2013 Forum Member Join Date: Jan 2013 Location: West Midlands Posts: 2,450	But I don't want to turn off find my iphone, knowing my luck if I turn it off I'll lose the phone tomorrow lol

27-05-2014, 22:32	#20
Mystic Eddy Forum Member Join Date: Apr 2006 Posts: 3,885	I activated two step verification earlier today and it was done instantly. Must've been a deluge of accounts wanting two step enabled for the wait to be imposed.

27-05-2014, 23:07	#21
IvanIV Forum Member Join Date: May 2006 Posts: 25,199	2 step login is one thing. The question is how the hacker gets into one's Apple account. Stolen passwords or something worse? There was a report of such a vulnerability a while ago. Or is this Apple's own Heartbleed.

27-05-2014, 23:18	#22
swordman Forum Member Join Date: Oct 2010 Posts: 6,342	Seems not limited to just iphone too. Not going to be happy if Apple respond with their usual 'speed'.

DS Forums

iPhone about to be found/hijacked. So maybe best to turn off 'find my phone'.

27-05-2014, 23:22	#23
psionic Forum Member Join Date: May 2002 Location: Crystal Palace TX Posts: 19,702	Quote: Originally Posted by IvanIV 2 step login is one thing. The question is how the hacker gets into one's Apple account. Stolen passwords or something worse? There was a report of such a vulnerability a while ago. Or is this Apple's own Heartbleed. There was the goto fail bug which made the news a few months ago, but apparently existed for long time, which was Apple's SSL/TLS vulnerability. Although it's since been patched, perhaps some passwords were compromised using that?

27-05-2014, 23:37	#24
IslandNiles Forum Member Join Date: Apr 2005 Posts: 13,091	I suppose it could be anything, but I would think the most likely option is passwords stolen elsewhere that users also had for their Apple ID. This sort of thing happened with Tesco a couple of months ago. They were slated for being insecure but it turned out to be hacked data from somewhere else being used to access Tesco accounts.

27-05-2014, 23:39	#25
IvanIV Forum Member Join Date: May 2006 Posts: 25,199	Quote: Originally Posted by swordman Seems not limited to just iphone too. Not going to be happy if Apple respond with their usual 'speed'. They sooner make the hacker give them 30% cut It's always such a hush-hush operation with them.