Hackers have perpetrated numerous attacks on iMessage users, bombarding unsuspecting Apple desktop and iPhone owners with messages in Chinese in a supposed attempt to steal personal information.
The attack begins as a text message in Chinese from an unknown foreign number, which is followed by a ‘pop up’ dialogue box that appears on screen and informs the user their Apple ID is being used on a new Mac.
After clicking an ‘OK’ button on the dialogue box – the only option given – the user is then bombarded with text messages in Chinese.
A number of users on Twitter have reported being targeted in the same way; some even translating the messages received to find advertisements for a casino in Macau.
At this point, the extent of access the hackers gain to a device is unknown.
After numerous users reported the attack to Apple, engineers have apparently begun looking into the matter, so we can expect an operating system update that addresses the breach to be released shortly.
An exploited history
Unfortunately, this is not the first time Apple users have been targeted.
In July this year, a security exploit was discovered in iOS that allowed hackers to target iPhone users with a malicious message that gave the sender access to stored passwords and control of the iPhone’s internal storage, including photos.
Because the attack was embedded in an image sent via iMessage, there was no way to prevent the attack and no way for a user to know they had been hacked.
Apple swiftly released an update to the operating system, but not before the security exploit was labeled an “extremely critical bug” by Cisco Talos senior security researcher Tyler Bohan.
Mr Bohan explained the severity of the delivery method, saying, “this vulnerability is potentially exploitable through methods that do not require explicit user interaction since many applications (i.e. iMessage) automatically attempt to render images when they are received in their default configurations.”
Basically, a user simply needed to switch on their targeted device for it to be affected.
In 2014, various Apple users were the target of an extremely high-profile attack when scores of celebrity iPhone users had their iCloud accounts hacked and personal photos published on the internet.
The attacker gained access to the users’ iCloud accounts, which contained backups of personal data and content, by means of ‘phishing’ emails and ‘brute force’ attacks.
Phishing involves sending emails that resembles those sent from an official company or service, such as a bank.
The user simply clicks a link in the bogus email and is taken to a website that looks like a regular login site, but is actually designed to capture account and password information.
A brute force attack is exactly as the name implies: an automated program is used to make repeated attempts to guess an account holder’s password and gain access to a secure system or service.
Apple has since taken steps to prevent successful brute force attacks on the iCloud system, however phishing emails, known as a ‘social engineering’ attack, are much harder to contain.
How to stop hackers
Preventing your Apple ID from being hacked is a relatively simple task. Just follow the steps below to protect yourself from attack.
- Log on to iCloud (https://www.icloud.com)
- Click on Settings, then go to Manage
- You will be asked to log in again with your Apple ID details
- Now, under Security, select Change Password and change your details, then click Change Password to complete
- For added security, turn on Two-Factor Authentication – this will request approval from another Apple device each time your Apple ID is used to log in to a new service
- Update your new password on all Apple devices
Note: avoid changing your Apple ID password while using a public Wi-Fi network, as these networks can be subject to malicious activity that can compromise your security.