How to: Access an iPhone locked in Lost Mode
Glenn Fleishman explains how to open your handset
AmacOS pseudo-ransomware attack from September 2017 that could also be used to irritate iOS users may continue to plague Apple users. Reader Richard says one morning he found his iPhone and iPad locked in Lost Mode. He was unable to regain access, and had to use Apple’s recovery process to verify his identity. This happened two weeks later to his wife’s iPhone and iPad, and then a friend of his wife’s had the same experience.
This is almost certainly related. In the previous attack, crackers would use database of passwords stolen and cracked from the many billions of leaked account/password combinations in the past few years. Some of those accounts were from iCloud users who used an icloud.com email address for their account name and reused the same password on another site they used with iCloud.
As long as the password was unchanged, an attacker even with two-factor authentication (2FA) enabled could lock a Mac with a PIN only they knew. (There’s a way to unlock your Mac without paying the ransom: we explain how here.)
With iOS devices with passcodes enabled – which I assume is the case with Richard, his wife, and her friend – Lost Mode can be triggered, but the code to unlock should be the same as the passcode for the device. From Richard’s description, that appears that it wasn’t the case, or it’s possible that the behaviour by a cracker triggered extra account protection on Apple’s part, requiring a phone call and identity verification.
In any case, if you haven’t changed your iCloud password in a while, do so. And turn on two-factor authentication while you’re at it.