If you’ve thought that only the CIA or the NSA are capable of controlling your iPhone by remote (and by design), well, you were wrong. A group of hackers are claiming to have full control over 300 million iPhones via their iCloud accounts.
Controlling one’s iCloud account via a user/password means that you can wipe the data by remote from the respective iPhone associated with the iCloud account. A Turkish hacking group nicknamed Turkish Crime Family is asking Apple to pay a ransom worth of $75,000 in Bitcoin/Ethereum or $100,000 in gift cards or else millions of iPhone users will see their data wiped out.
The story was broke on Tuesday by Motherboard after a representative of the Turkish Crime Family contacted the publication for presenting its readers with a number of screenshots showing email conversations between the hackers and Apple’s security team.
According to the hacker, Apple customers may be interested in this story, as their personal data/privacy is at risk. The screenshots of the email exchanges seem to show that after Apple asked the hackers for a sample, i.e. a list with the compromised accounts, in order to verify the authenticity of their claims, they were only provided with a YouTube demonstration, which showed how a hacked account can be accessed and all the data/content wiped out by remote from the corresponding iPhone/device.
The whole story sounds fishy, as the group’s Twitter account brags with 200 million iCloud accounts compromised while the email say that they actually have access to 300 million.
200 Million iCloud accounts will be factory reset on April 7 2017
— Turkish Crime Family (@turkcrimefamily) March 21, 2017
One of the emails from Apple reads:
“We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it’s seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law,”
It’s basically impossible for Apple (who did not confirm officially the hack) to verify the group’s claims and we’ll just have to wait and see what happens on April 7th, as according to Apple, they are not negotiating with cyber-terrorists.
However, it would be advisable to change your iCloud password as soon as possible just in case in order to protect your Apple ID. Better safe than sorry right? Also, you should enable the 2 step authentication protocol which adds an extra security layer to your iCloud account.