TIME Security

Apple iPhones, iPads Held for Ransom: What Happened and What You Can Do

Another week, another security breach. This one’s extra weird, though.

What happened?

People are reporting that their iPhones and iPads (some Macs, even) woke them up in the middle of the night with a message demanding between $50 and $100 in order to regain access to the devices. Most of these people are in Australia, though some reports are trickling in from elsewhere.

Apple has a feature called Find My iPhone that lets you locate, lock and erase your device if you lose it somewhere. It appears that whoever’s behind this has gotten ahold of people’s iCloud usernames and passwords, then used the Find My iPhone feature to remotely lock devices, demanding payment in order to unlock them.

The incident is being discussed at length in Apple’s support forums. Apple hasn’t officially responded yet. I’ve requested comment from its PR team and will update this post if I hear back. (Spoiler: I probably won’t hear back).

Who is affected?

What’s interesting is that this issue is mostly affecting users in Australia. It’s also affecting some users in New Zealand, some users from Australia who are currently travelling abroad outside Australia, and users from outside Australia who are in or have been in Australia for a while.

At least one person in the U.S. with no ties to Australia in any way claims his or her device has been compromised as well.

How did this happen?

That’s a great question, and we’re not really sure of the answer quite yet. There are a few main theories floating around, none of which have been proven.

Some are speculating that a hacker got ahold of a bunch of usernames and passwords, either from an email phishing scam or from a previous data breach. That’s an easy explanation, but it doesn’t really address why the issue seems mostly isolated to Australia. Several users are reporting that they used wholly unique usernames and passwords for their Apple accounts, too.

Some are speculating about a man-in-the-middle attack, where an Australian Internet service provider has been compromised to the point that traffic sent between Apple devices and Apple’s iCloud servers has been intercepted. The trouble with this theory is that the issue isn’t isolated to single service provider, and it’s apparently affecting a handful of users outside the country.

And some are speculating that Apple’s iCloud servers have been compromised. The Australia angle makes that a bit unlikely, and Apple’s got enough layers of protection – data sent back and forth is encrypted, for instance – that this seems like a longshot. Some users are reporting that they’ve used strong, long and unique passwords and have still been affected, so this theory can’t be totally thrown out.

For what it’s worth, the man-in-the-middle theory — or some derivation of it — seems the most plausible to me, but it’s still early. The handful of random outliers keep poking holes in each theory, which makes this whole case wonderfully weird and interesting.

What should you do?

For starters, if you’ve received this ransom message, don’t bother contacting your wireless provider. They’ll send you to Apple.

If you use a four-digit passcode on your device, you’ll be able to regain control of it: Simply do the old Slide-to-Unlock trick and enter your four-digit PIN.

Whether you’re in Australia or not, just to be on the safe side, you should change your Apple password if you use it elsewhere. Go to iforgot.apple.com to change it, and check out this video for tips on choosing a strong password you can actually remember:

If you don’t use a four-digit passcode on your device and you’ve been hit with the ransom note, you can restore your device to its last backup point. You’ll lose photos, videos and other items you’ve collected since you last backed up your phone, but at least you’ll have control of your phone again. Instructions for how to restore your device using Recovery Mode are as follows, per Apple:

Follow these steps if you never synced your device with iTunes, if you don’t have Find My iPhone set up, or if you can’t get to your own computer. You’ll need to put your device in recovery mode to erase the device and its passcode. Then you’ll restore your device.

  1. Disconnect all cables from your device.
  2. Turn off your device.
  3. Press and hold the Home button. While holding the Home button, connect your device to iTunes. If your device doesn’t turn on automatically, turn it on.
  4. Continue holding the Home button until you see the Connect to iTunes screen.
  5. iTunes will alert you that it has detected a device in recovery mode. Click OK, then restore the device.

Once you’ve restored your phone, change your Apple password by following the steps a few paragraphs up if you haven’t already.

If that doesn’t work, your best bet may be to bring your iPhone into your nearest Apple store. Make sure to bring your ID and receipt, if you still have it, as you’ll need to prove the phone belongs to you in order to get help unlocking it.

TIME Consumers

Everybody Hates Time Warner Cable and Comcast

Hate your television or Internet provider? You’re far from alone: Time Warner Cable and Comcast earned bottom-of-the-barrel scores in a consumer satisfaction survey published Tuesday.

Subscription TV-wise, Time Warner Cable scored the lowest of the companies included in the report, with a 56 (a 7% decline from last year’s report). Comcast came in second to last, at 60 (a 5% decline from last year’s report). In terms of Internet service, TWC got a 54 (a 14% decline from last year’s report) while Comcast earned a 57 (an 8% decline from last year’s report).

The numbers come by way of the American Consumer Satisfaction Index (ACSI)’s 2014 Telecommunications and Information Report, a survey of 70,000 customers about their satisfaction levels with commonly used products and services. The results span 230 companies across 43 industries.

DirecTV, AT&T, Verizon (FiOS) and Dish scored highest for TV providers, with their scores tightly bunched at between 67 and 69. FiOS ran away with the Internet crown: it scored a 71, with AT&T’s U-verse service and CenturyLink both a distant second at 65. If we’re talking grades in a school setting, we’re still in D+/C- range for all of these, so let’s not get too excited just yet.

So why are people so down on Comcast and Time Warner Cable? According to the report:

High prices, poor reliability, and declining customer service are to blame for low customer satisfaction with pay TV services. The cost of subscription TV has been rising 6% per year on average—four times the rate of inflation. But now, dissatisfied pay TV customers have more alternatives than ever before. The rise of streaming video from companies like Netflix and Amazon, combined with pay TV’s deteriorating service quality and higher prices, has led to the first-ever net loss of television service subscribers for a full year in 2013.

Among the largest subscription TV providers, the customer satisfaction decline is broad and pronounced—every company experiences a drop between 3% and 7%. Still, customer satisfaction varies greatly depending on the type of service. Fiber optic and satellite providers typically beat the industry average and perform much better than cable companies.

People are also generally pretty happy with TV sets (and accompanying video players), credit unions and soft drinks – which scored 85, 85 and 84 out of 100, respectively.

You can download the full report here, though you’ll need to register first.

TIME Software

China Bans Windows 8 on Government Computers

A little over a month after Microsoft officially ended support for its 13-year-old Windows XP operating system, China has decided that the software meant to replace XP, Windows 8, is to be banned from government computers.

Reuters reports that China’s official Xinhua news agency vaguely cited security measures and energy-saving efforts as the rationale behind the ban, though “neither the government nor Xinhua elaborated,” says Reuters.

Former CEO Steve Ballmer reportedly told employees in 2011 that Microsoft’s Windows sales were roughly 5% in China compared to what they were the U.S. — even though PC sales were about the same. Despite widespread software piracy in China, however, this Windows 8 ban could have a lasting effect on Microsoft’s bottom line there: As the Associated Press points out, the Chinese government is Microsoft’s largest paying client.

[Reuters]

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser