Why you should never use someone elses Apple ID on your iPhone, according to Kaspersky Lab

Information Technology Press Releases Wednesday January 9, 2019 12:48
Bangkok--9 Jan--Kaspersky Lab

Users of any Apple device must have an Apple ID. It's a kind of digital passport for journeying in Appleland. You need an Apple ID to enter, and it gives you certain rights. And it should be treated like a passport: Don't lend it to anyone, and don't borrow anyone else's.

The first point is obvious. Giving someone your Apple ID means losing access to your own devices, your data, your subscriptions and so on. But questions often arise about why you should never enter someone else's Apple ID on your iPhone or iPad. Let's use Marcie's story as a case study.

Selling an iPhone

After a year of tender loving care, Marcie decided to sell her iPhone X. It was so last-year, she simply had to upgrade to the XS, or at least the XR. Her first thought was eBay, plus an ad on Craigslist for good measure.

Next came the question of price. The phone was in good shape, so she decided to aim high. She hadn't spent a year blowing dust off it for nothing. And not a single scratch! Sure, it might take a while to find a buyer, but Marcie was in no hurry.

To her surprise, one appeared the very next day. A polite woman wrote that her husband really wanted to buy the iPhone, but he was terribly busy and couldn't drop by until the end of the week. But he really liked the fact that the device was in perfect condition, so he wanted to make an advance payment and pick it up later. To check that the phone really was A-OK, the woman asked Marcie to enter her husband's Apple ID into the device. If it worked, she would transfer the prepayment right there and then.

Marcie was beaming — she'd expected to wait at least a couple of weeks, but 24 hours later, it was all done. The woman had sent her husband's Apple ID e-mail and password. Marcie wondered why these people were so carefree about giving such valuable data to a total stranger. But that was not her problem, so she entered the information into the phone and informed the woman that everything was ready to be checked.

And then something happened that Marcie wasn't expecting at all. A message appeared on the iPhone screen saying that the device was blocked, and that someone at such-and-such e-mail address had to be contacted to unblock it. There was no way past the black screen with its unpleasant tidings; the phone was blocked, period.

The "polite woman" (read: fake account) no longer replied to Marcie's messages. So Marcie wrote to the e-mail address provided, only to be informed that to get her phone unblocked, she would have to transfer a tidy sum in cryptocurrency.

Marcie paused to think — there was no guarantee she wouldn't be deceived a second time. The iPhone itself was lying on the table like a useless brick, totally indifferent to Marcie's inner turmoil. Besides being unsure about whether to pay, she was angry with herself for being so easily duped.

Beware of strangers bearing Apple IDs

As soon as you let someone enter their Apple ID on your Apple device, you effectively relinquish possession of it. And if that someone is a cybercriminal, they will not let go easily: having hoodwinked the victim, they block the device using the "Find my iPhone" feature in iCloud.

This feature is intended to prevent a stranger who has found your lost phone from freely perusing its contents, and to display your contacts on the screen so the finder can contact you and return the phone.

In this case, of course, the device was not lost. But as soon as the victim enters another person's Apple ID, the iPhone is immediately added to that person's list of associated devices in iCloud, and henceforth can do anything they like with it. Thus, a handy feature can serve nefarious purposes: Cybercriminals can use it to block iPhones and iPads — and then demand a ransom.

So you should take care when selling used devices, but that's not the only case. A favorite social engineering technique among scammers is to cozy up to users of Apple-related forums, and then ask to enter their Apple ID under various pretexts like "my phone's dead, my contacts are in iCloud, gotta call my boss urgently, please help," or something in that vein.

But surely if you know the cybercriminals' Apple ID e-mail and password, you can just log in to the Web version of iCloud and put things right? Nope. The fraudsters' account is protected with two-factor authentication, so to log into their iCloud, you also need to enter the code sent to one of their devices. Naturally, only they have access to their devices, so simply knowing their Apple ID isn't enough.

The moral of the story: Never enter someone else's Apple ID on your device. Even if they say please.

Latest Press Release

Kakao#s Blockchain Project #Klaytn# to Lead Mainstream Adoption of Blockchain: Announcing the 3rd Batch of Initial Service Partners

- Service providers with massive user base join Klaytn for scaling the reach of blockchain - Klaytn partners with global blockchain projects around the Netherlands, Argentina, and Japan Kakao's blockchain subsidiary 'Ground X' held 'Klaytn Partners Day'...

ABeam Consulting urges enterprises to take actions for Cybersecurity both organizational and individual perspectives

ABeam Consulting (Thailand) Ltd. advises enterprises on Cybersecurity. From ThaiCERT study, 35% of cyber-crime attacked individual while 65% attacked organizations. Legislating law on cyber has been officially announced; therefore, strengthen protection...

MPLAB(R) Harmony Version 3.0 Unifies Software Development Framework for PIC(R) and SAM Microcontrollers

- Enhanced tool chain accelerates development with modular software downloads and simplified drivers From basic device configuration to Real Time Operating System (RTOS)-based designs, 32-bit microcontroller (MCU) applications vary vastly in complexity...

HUAWEI CLOUD Unveils New AI and Blockchain Services in Hong Kong

Hosting its 2019 Cloud Summit in Hong Kong today, Huawei announced it is strategically investing in the city and the region to contribute to the economic development of the Greater Bay Area by helping enterprises embrace the intelligent future of cloud...

dtac and Garena launch #Free Fire Thailand Championship 2019 Presented by dtac to accelerate Thailands mobile e-sports growth

dtac and Garena (Thailand) a leading online game and social platform, through which, users can access popular and engaging mobile and PC online games, officially launch "Free Fire Thailand Championship 2019 Presented by dtac" to address the popularity of...

Related Topics