May 6, 2014

Despite the fact that iOS is considered safe from all threats, cybercriminals are still showing an interest in the platform. In March and April, Doctor Web's security researchers analysed Trojans targeting jail-broken smartphones and tablets, and early May saw a growing number of incidents involving fraud being directed against users of mobile devices manufactured by Apple.

Criminals are inventing new schemes that enable them to line their pockets at the expense of unsuspecting users, and increasingly frequently they are tending to turn their attention to iOS.

For example, the recent series of fraud episodes related to iOS users hasn't involved any malware whatsoever. To accomplish their goals, criminals are solely using social engineering tricks; specifically, they are exploiting consumers’ irresistible craving for free goods and services in combination with their technological incompetence. This fraud technique makes use of all-in-one Apple ID accounts that enable users to access Apple services, such as App Store, i Cloud and iTunes, as well as their purchased content (music, films and games) from any Apple-manufactured device by entering their Apple ID and password. For a moderate fee, criminals offer users access to an Apple ID login and password that lets them use a large volume of chargeable content completely for free. Such proposals to “rent out” an Apple ID are quite common on forums and social networking sites, so users don't regard them with suspicion However, they forget that Apple ID account holders can use the Activation Lock feature, introduced in iOS 7, which works in conjunction with the Find My iPhone service. This feature can be used to lock an iPhone or iPad which can only be unlocked by entering the Apple ID password.

So criminals seek out inexperienced iOS users on the Internet (the most typical targets are children and teenagers) and offer them someone else's Apple ID to use to access App Store and iTunes and, thus, view a vast number of commercial films, applications and games free of charge. Criminals offer the same Apple ID login and password to access all Apple services. They also provide their victim with detailed instruction. Having done all the steps, the victim is authorized in several online Apple services at once, including iCloud. This does not seem suspicious to inexperienced users. Once the victim logs on under the Apple ID account provided by the fraudsters (at this point a new device appears in the account properties), the fraudsters immediately change the Apple ID password, lock the victim's mobile device and send the victim a ransom demand that must be paid for the device to be unblocked.

In previous versions of iOS, one could unlock the device by reflashing the firmware. But with the advent of iOS 7, the information about locked and presumably lost phones is stored on Apple's servers, and the user must enter the Apple ID and password to reflash the device. Of course, iOS does allow "forgetful" users to reset the activation lock without entering a password, but in this case the device owner has to contact Apple technical support and present proof of purchase issued by the store in which they bought the device, and their ID. If the iPhone or iPad has been locked by criminals, certain difficulties can ensue.

Doctor Web recommends that users of Apple devices be vigilant and not fall for the tricks of criminals who offer free access to large amounts of paid content. Remember: the cheese is free only in a mousetrap!

Protect your Android handheld with Dr.Web now