I was doing a little light reading last night, about the latest scourge of iCloud attacks, wherein a hacker gets access to your iCloud account and, using the Find My iPhone service, puts your device in “lost mode” and sets up a PIN to lock you out of your own device until you pay the ransom.
It’s brilliant in its simplicity: gaining access to a cloud service that is used to protect your data, and using its own tools against you.
As I continued reading about the theories about how the hacker was gaining access to the iCloud accounts, and ways to protect yourself from this kind of attack, this bit jumped out at me. I almost spilled my drink.
iPhones and iPads that have a PIN don’t present the attacker with the ability to set their own. That screen earlier on where I remotely locked the device is only presented when it doesn’t already have a PIN so that immediately thwarts this attack. Even if the device is just for the kids, if you connect it to iCloud, put a PIN on it (don’t worry about it making life hard for them, kids have an uncanny ability to access a device protected by nothing more than four numbers).
What the hell, people? Ask anyone about losing their phone and they’ll likely tell you about how awful that would be, how it has “their whole life on there”, but they still walk around without even the simplest of security turned on? Really, is the 2 seconds it takes to enter a PIN too much effort? C’mon, we have to be better than that. If you don’t have a PIN on your iPhone or iPad, please go check out how to enable one. The next time you leave your device somewhere, or set it down in a crowded room/bar/restaurant/etc., you’ll be glad for that meager bit of protection from prying fingertips.