Smartphones are the digital journals of the lives of millions of users. Inside these pocket computers, most of us house our family photos, text conversations, notes, calendars, and other priceless data we can't afford to lose.
Imagine having all of these digital memories wiped out and erased by a stranger from afar. A single click is all it takes.
This is the nightmare scenario that all iPhone, iPad and Mac users are still facing every day. Due to one glaring oversight in Apple's two-factor authentication (2FA) system, hackers can still break into your Apple account and erase your devices.
Apple introduced 2FA in 2015 to add another level of protection to Apple and iCloud accounts. This verification method requires users to input a one-time code sent to their iPhones, together with the password, when logging into an iCloud account for the first time.
This means that if someone successfully cracks your iCloud password, they still can't log into your account without the code.
The big problem is that this 2FA protection doesn't apply to Apple's Find My iPhone service. As a result, hackers can remotely lock and wipe an iPhone, iPad or Mac merely by cracking a user's iCloud account password.
This is exactly what happened to a University of Waterloo cryptography and security student named Kapil Haresh one fine Sunday afternoon on July 26. According to his blog entry, he was doing a cryptography assignment for school, of all things, when his iPhone's lock screen mysteriously dimmed and displayed this mocking message:
“Hey why did you lock my iPhone haha. Call me at (123) 456–7890.”