
Scammers have begun hacking users' Apple IDs by posing as Apple. They send emails asking users to sign in again to confirm their identity, but in fact they lock the account and demand a ransom. Izvestia learned how the scheme works and how to protect yourself from it.

"Apple" hacking

Fraudsters have begun hacking the Apple IDs of Russians: victims receive fake emails purporting to be from Apple. This was reported by the Telegram channel "CyberTopor".

The emails ask users to sign in again to confirm their identity. But the link to iCloud is fake, and the site it leads to is an exact copy of the official one. The data entered there goes straight to the fraudsters, who change the password and the email address used to reset it. After that, the phone's owner loses access to all files in cloud storage and to content purchased in the App Store.


"For those who have been using Apple products for a long time and have completely transferred their data to the 'cloud', this can be a sensitive blow. Therefore, fraudsters will have an opportunity to demand ransom," says Dmitry Ovchinnikov, head of the Laboratory of Strategic Development of Cyber Security Products at the Analytical Center for Cyber Security of Gazinformservice, in a conversation with Izvestia.

At the same time, the data itself is also of interest to hackers. Photos, correspondence and personal videos can be used for blackmail or to study the victim in more detail in a targeted attack.

Phishing ploy

According to Dmitry Ovchinnikov, hackers developed this scheme several years ago, almost simultaneously with the emergence of Apple ID in Apple products. This is a classic phishing trick: fraudsters create a fake company page that visually copies the real one. The address of the fake resource may differ by one letter or symbol.

Then the fraudster sends a mass mailing on behalf of the company, persuading users to click on a link leading to the phishing resource, explains Ilya Odintsov, head of Security Awareness at RED Security.


"The pretexts can be different: a message about a hack or data leak, an offer to participate in a promotion or receive a gift. If the user goes to the resource, he will be asked to enter the login and password for his account, ostensibly to confirm his identity. They may also ask for card details, for example, to get some bonuses or participate in a drawing. Of course, all this information goes directly to the attackers," the expert explains.

Complex variations may involve scripts, browser vulnerabilities or data substitution in OS files. But the goal is always the same: to obtain an email address or login and password. A similar technique was used a few years ago to steal Google accounts. People would receive an email from technical support saying that their mailbox would be blocked within 24 hours and that, to unblock it, they had to undergo an identity verification procedure. In fact, the scammers were simply stealing data.
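The "one letter or symbol" difference in a fake address, described above, can be checked mechanically before a link is trusted. The following is an added example, not part of the original article: the trusted-domain list, the function names and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains a genuine Apple ID sign-in link uses.
TRUSTED = ("apple.com", "icloud.com")

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Classify a link from a message that claims to come from Apple."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unrelated"
    # Genuine: the host is a trusted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    labels = host.split(".")
    # Non-ASCII or punycode labels can render like Latin letters; a real
    # Apple sign-in link has no reason to use them, so flag conservatively.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "lookalike"
    registrable = ".".join(labels[-2:])  # naive: ignores multi-part suffixes
    for d in TRUSTED:
        brand = d.split(".")[0]
        # The article's case: one letter or symbol away from the real address.
        if edit_distance(registrable, d) <= 1:
            return "lookalike"
        # Brand name embedded in a foreign host, e.g. icloud.com.<other domain>.
        if any(brand in l for l in labels):
            return "lookalike"
    return "unrelated"

# Constructed sample links (not taken from the campaign described above).
SAMPLES = [
    "https://www.icloud.com/",
    "https://icl0ud.com/signin",
    "https://icloud.com.account-check.example/login",
    "https://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A "lookalike" verdict means the link should not be followed; the embedded-brand rule is deliberately broad and will also flag unrelated hosts that merely contain the word.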

Ways to hack an iPhone

Cyberprotect expert Sarkis Shmavonyan, talking to Izvestia, divides iPhone hacking schemes into two groups: face-to-face and remote. In the first case, the device is connected by cable, and software is used to "unlock" it and obtain administrator rights. This approach compromises both the data and the device itself.


The other method of hacking is much simpler: it is carried out remotely, with the help of social engineering. It can also be divided into two groups: schemes in which fraudsters try to get someone else's Apple ID data, and schemes in which the device owner is persuaded to log in under someone else's Apple ID, adds Ilya Odintsov.

Fake emails from Apple belong to the first type of attack, as do various messages in messengers in which fraudsters present themselves as Apple support and ask for an Apple ID in order to avoid the device being blocked.

"The second scheme also occurs in different variants. For example, a person can write to an alleged acquaintance (but actually a scammer using a hacked account) saying that his iPhone has been stolen. He will ask for help in establishing the current location of the device, for which you only need to log out of your Apple ID on the smartphone and enter the Apple ID of the 'friend'. If the person does this, the attacker immediately locks his phone using the device's lost or stolen lock feature. A ransom is then demanded from the user. But even if the ransom is paid, the phone may remain blocked, and it will be impossible to use it," says Ilya Odintsov.

In both cases, hackers use any relevant context to find a "hook" that a person will fall for. For example, a popular hook involves installing banking applications on the iPhone that have been removed from Apple's store.


"Legends promise that if you log in with an alternate account, all installation capabilities will resume. The result is compromised access to the device and again a ransom demand," concludes Sarkis Shmavonyan.

Sometimes there are more complex, targeted attacks on iOS device users, adds Dmitry Galov, head of Kaspersky GReAT in Russia. For example, there is a cyber espionage campaign called Operation Triangulation, which is a targeted attack using previously unknown malware and zero-day vulnerabilities in iOS. The malware infiltrates victims' devices using an exploit (special code) delivered in a hidden iMessage, launches, and takes full control of the device and user data.

Ways to protect yourself

Technically, it is more difficult to hack an iPhone than Android devices, Izvestia experts say. The main reason is the closed iOS operating system on which the gadgets run. Software installation on them is possible only from the official store, although this restriction can be bypassed if desired.


"In general, Apple pays a lot of attention to the security of its devices and operating system. Software and data encryption are regularly updated, and other measures are used to make it difficult to hack the device," says Sarkis Shmavonyan.

But even this sometimes does not save the owners of the devices. Broadly speaking, hackers "don't care" what kind of phone the victim has. Most hacks are carried out with the help of social engineering, and no technical measures taken by phone manufacturers protect against it, explains Dmitry Ovchinnikov, an expert at Gazinformservice.

"The victim himself, with his own hands, through his own inattention or carelessness, passes the data to fraudsters. It's just that Apple products sometimes require a few more steps from the victim," notes the Izvestia interlocutor.

In general, he concludes, owners of all smartphones are advised to follow simple security rules: do not follow links from emails (especially those marked "very important") and do not download anything from dubious sources.


"On personal iPhone devices, use only your Apple ID accounts. If you need to change users in the Apple app store, it's important to do so directly in the app store. This approach will not compromise the device itself," adds Sarkis Shmavonyan.
