Why you should never use someone elses Apple ID on your iPhone, according to Kaspersky Lab

Information Technology Press Releases Wednesday January 9, 2019 12:48
Bangkok--9 Jan--Kaspersky Lab

Users of any Apple device must have an Apple ID. It's a kind of digital passport for journeying in Appleland. You need an Apple ID to enter, and it gives you certain rights. And it should be treated like a passport: Don't lend it to anyone, and don't borrow anyone else's.

The first point is obvious. Giving someone your Apple ID means losing access to your own devices, your data, your subscriptions and so on. But questions often arise about why you should never enter someone else's Apple ID on your iPhone or iPad. Let's use Marcie's story as a case study.

Selling an iPhone

After a year of tender loving care, Marcie decided to sell her iPhone X. It was so last-year, she simply had to upgrade to the XS, or at least the XR. Her first thought was eBay, plus an ad on Craigslist for good measure.

Next came the question of price. The phone was in good shape, so she decided to aim high. She hadn't spent a year blowing dust off it for nothing. And not a single scratch! Sure, it might take a while to find a buyer, but Marcie was in no hurry.

To her surprise, one appeared the very next day. A polite woman wrote that her husband really wanted to buy the iPhone, but he was terribly busy and couldn't drop by until the end of the week. But he really liked the fact that the device was in perfect condition, so he wanted to make an advance payment and pick it up later. To check that the phone really was A-OK, the woman asked Marcie to enter her husband's Apple ID into the device. If it worked, she would transfer the prepayment right there and then.

Marcie was beaming — she'd expected to wait at least a couple of weeks, but 24 hours later, it was all done. The woman had sent her husband's Apple ID e-mail and password. Marcie wondered why these people were so carefree about giving such valuable data to a total stranger. But that was not her problem, so she entered the information into the phone and informed the woman that everything was ready to be checked.

And then something happened that Marcie wasn't expecting at all. A message appeared on the iPhone screen saying that the device was blocked, and that someone at such-and-such e-mail address had to be contacted to unblock it. There was no way past the black screen with its unpleasant tidings; the phone was blocked, period.

The "polite woman" (read: fake account) no longer replied to Marcie's messages. So Marcie wrote to the e-mail address provided, only to be informed that to get her phone unblocked, she would have to transfer a tidy sum in cryptocurrency.

Marcie paused to think — there was no guarantee she wouldn't be deceived a second time. The iPhone itself was lying on the table like a useless brick, totally indifferent to Marcie's inner turmoil. Besides being unsure about whether to pay, she was angry with herself for being so easily duped.

Beware of strangers bearing Apple IDs

As soon as you let someone enter their Apple ID on your Apple device, you effectively relinquish possession of it. And if that someone is a cybercriminal, they will not let go easily: having hoodwinked the victim, they block the device using the "Find my iPhone" feature in iCloud.

This feature is intended to prevent a stranger who has found your lost phone from freely perusing its contents, and to display your contacts on the screen so the finder can contact you and return the phone.

In this case, of course, the device was not lost. But as soon as the victim enters another person's Apple ID, the iPhone is immediately added to that person's list of associated devices in iCloud, and henceforth can do anything they like with it. Thus, a handy feature can serve nefarious purposes: Cybercriminals can use it to block iPhones and iPads — and then demand a ransom.

So you should take care when selling used devices, but that's not the only case. A favorite social engineering technique among scammers is to cozy up to users of Apple-related forums, and then ask to enter their Apple ID under various pretexts like "my phone's dead, my contacts are in iCloud, gotta call my boss urgently, please help," or something in that vein.

But surely if you know the cybercriminals' Apple ID e-mail and password, you can just log in to the Web version of iCloud and put things right? Nope. The fraudsters' account is protected with two-factor authentication, so to log into their iCloud, you also need to enter the code sent to one of their devices. Naturally, only they have access to their devices, so simply knowing their Apple ID isn't enough.

The moral of the story: Never enter someone else's Apple ID on your device. Even if they say please.

Latest Press Release

Hole in the eWallet: Mobile Payment Apps Face Significant Challenges Engaging, Retaining Users, Shows CleverTap Benchmark Report

With 77 percent average churn, immediate value and superior customer experience become critical competitive differentiators Mobile marketing engagement and analytics platform CleverTap today released its latest Industry Benchmarks for Mobile Payment...

Botlight an inspirational success

Bosch Thailand establishes a learning mechanism to build vocational skills for underprivileged hill-tribe youth to earn an income and increase their self-reliance Bosch joins hands with the Fine Arts Faculty at Chiang Mai University to enhance a dynamic...

Get the Samsung Galaxy J6 Plus with a TrueMove H post-paid SIM card for the best price of 3,270 baht, now available exclusively at 7-Eleven

TrueMove H, Asia Pacific's best 4G network with nationwide high-speed connectivity, led by Mr. Tuantong Srivichian (second from left), Director for Retail Business, True Corporation Public Company Limited, in collaboration with 7-ELEVEN, led by Ms. Malee...

Infineon first chipmaker to be named Partner of The Year by Hyundai for cooperation in electro-mobility

Semiconductors are a key enabler for electro-mobility: Hyundai Kia Motors Company named Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY) "Partner of the Year 2018" for providing power modules used in hybrid and electric cars. Infineon is the first...

40 students compete in the IT One Experience, IT Ones 8th business case competition

Top students team up in the IT One Experience business case competition winning more than 150,000 baht Student teams from eight leading Thai universities participated in this year's competition. IT One held its eighth annual one-day "IT One...

Related Topics