Hackers try to trick unsuspecting iPhone users with everything from camera spyware to “jailbreak” malware.
But when they targeted Kapil Haresh Vigneswaren in an iPhone scam, he knew exactly what to do. Vigneswaren is a University of Waterloo computer science graduate student who specializes in cryptography, security and privacy.
He was studying with friends when his phone made a strange sound.
"The phone started beeping [a] distinctive high-pitched tone, and at that point you're like, 'okay something's not right,'" he told CTV Kitchener.
He realized it was the Find My iPhone app and assumed it was a bug since he hadn’t activated the app.
Then his phone beeped again. When he picked it up, he saw it was remotely locked with a taunting message across the screen: "hey why did you lock my phone? haha"
"At that point I knew, okay, I'm being compromised. I need to control the situation and contain the attack," he said.
Vigneswaren knows exactly how iPhones work and what hackers would need to access his account. He immediately turned off the Wi-Fi and 4G network on his phone and laptop. He then logged into his iCloud and changed his password.
Vigneswaren said he doesn’t think he was targeted because of his background, and it was just a coincidence that they went after a cryptography expert.
“You could say that they messed with the wrong person,” he said, laughing. “Too bad for them.”
In the end, Vigneswaren said it was a “good thing,” in that his account wasn’t compromised and he was able to isolate the security flaw and report it to Apple. He said they are investigating and a fix should be on the way.
Cybersecurity tips
- Don’t automatically connect to public Wi-Fi: Ryan Duquette of Hexigent Consulting advises you to turn off the feature under iPhone settings to be safe.
- Create complex security questions: "If you have a security question on your account like 'What's your mother's maiden name?' make sure it's not actually your mother's maiden name because information like that is quite easy to compromise," said Taylor Smith, a University of Waterloo Master’s student.
- If you think your account has been hacked then follow Vigneswaren’s lead: Turn off the Wi-Fi and other networks on your devices, change your login info and check third-party apps.
With a report from CTV Kitchener’s Daryl Morris