This morning Engadget reported that some Australian Apple device owners discovered “the hard way” that the lack of a PIN or gesture passcode on their iPhone, iPad or Macintosh device allowed hackers to leverage Apple’s own Find my iPhone feature to remotely lock devices and hold them hostage until the owner paid a $50 – $100 per device ransom.
I predict there will be many “copy cat” hackers that will try to replicate this and similar mobile device vulnerabilities on Apple, Android, Windows and perhaps even BlackBerry devices in the coming days and weeks.
If your smartphone, tablet or PC is not already configured to auto lock after a few minutes of inactivity (we recommend 1 – 15 minutes maximum) AND require entry of PIN, unlock gesture, password or other “passcode” to unlock the device, don’t be stubborn or lazy, just do it to be SAFE, not only to prevent your devices being held hostage for ransom, but to reduce the risk of unauthorized access, data loss and identity theft.
Wireless carriers, device manufacturers and insurance companies likely will NOT cover or undo the “virtual loss due to remote locking” of devices by hackers.
Unless your company has applied a policy that enforces automatic device locking after a few minutes of inactivity, impose the discipline on yourself to be SAFE so you won’t be SORRY! An ounce of prevention (e.g., the inconvenience of entering a passcode to unlock your device) is worth a pound of cure (e.g., spending an hour on the phone with Apple support to regain access to your device.
Apple, Google, Microsoft and others have also added 2-factor authentication options as an additional layer of security when accessing iCloud, Google Docs, OneDrive and other cloud-based services that companies and individuals should seriously consider implementing to further thwart hackers.
