On March 21, 2017, the Turkish Crime Family issued a warning on Twitter that 200 million iCloud accounts would be factory reset on April 7, 2017. By 4:02am on March 22, it reported on Twitter that the number of accounts had grown to 627M. The group is currently improving its infrastructure so that it can cause the maximum damage possible. A sum of 75,000 USD was initially reported as the price for the group to back off or cancel the attack, but the group has since refuted those reports.
This sum of $75,000 is incorrect, this was submitted by one of our old media guys that is not a part of our group. The sum is a lot higher
— Turkish Crime Family (@turkcrimefamily) March 23, 2017
Apple seems to have claimed that this vulnerability has been fixed. Unfortunately, that did not inspire much confidence once WikiLeaks chimed in on the issue.
Apple's claim that it has "fixed" all "vulnerabilities" described in DARKMATTER is duplicitous. EFI is a systemic problem, not a zero-day.
— WikiLeaks (@wikileaks) March 24, 2017
An EFI vulnerability usually means that the malicious code will remain in place for an indefinite period of time, or simply forever. It could include keyboard loggers or spying tools, or it could add your machine to a pool of computers remotely accessible and controllable by the group that deployed the exploit.
An opinion article at MacWorld.com has this to say:
To take advantage of this exploit remotely, an attacker would have to either use an unpatched browser weakness or convince a user to install software with an administrative password. Judging by reports around free software that’s repackaged with adware and malware and hosted at popular download sites, users routinely give away the keys to the kingdom. But on what scale? Probably also not enough to be worthwhile for this kind of flaw.
But that is exactly what is wrong: it is the mindset that we advocate everyone should avoid.
Course of Action
We strongly recommend that everyone using iOS make an offline backup of their device(s) immediately. Having a backup of your device is good practice anyway, and doing it as frequently as you can adds several degrees of recoverability to your precious data.
The best thing a backup can do is let you retrieve your data should the Turkish Crime Family make good on their threats.