Researcher Brian Krebs has discovered a way to unlock iPhone and iPad that is locked by the function lock is activated. Fraudsters use phishing attacks on users of the cloud service iCloud.
Krebs told about a group of scammers working closely with organized crime. Writes Securitylab, he published an investigation conducted by one of his friends, experts in the field of information security, who requested anonymity.
In case of theft or loss of iPhone owners of the device can use the function Find My iPhone to locate it and lock. Take advantage of the feature on the Apple website – just enter your credentials to log in to iCloud. According to Krebs, the attackers used Find My iPhone with the purpose of unlocking a stolen iPhone and iPad, and resale.
Some time ago an expert was faced with an interesting story. His son’s friend lost his iPhone. After some time he received an SMS allegedly from Apple with a request to pass on the link to find out the location of a lost device. Clicking on the link, the user got on a fake iCloud login page created by fraudsters for defrauding credentials.
The domain is on a server in Russia, which is also about 140 other domains-essentially a fake login page of iCloud. Despite the fact that domains located in Russia, their owners may be from a completely different part of the world, said the expert. As shown by the case, in fact it is.
A service operator for remote iPhone unlock using phishing was a Jonathan Rodriguez. As indicated in his profile on Facebook, Rodriguez lives in Puerto Rico.
This account is also used for advertising the service “Remove iCloud” and to administer the group’s iCloud Unlock Ecuador – Worldwide, with nearly 2,800 participants.