How do crooks break into iCloud-locked iPhones? Let's take a look by Francis Navarro

What would you do if you lost your iPhone? Or worse, if it was stolen? The right thing to do is to first use Find My iPhone to try and locate, and in the worst case scenario, remotely wipe it.

Next, you will probably report the iPhone as lost or stolen to your carrier or Apple to prevent the gadget from being resold. There are serial number blacklist, IMEI locks and more importantly, Apple iCloud account locks that can prevent your phone from being reactivated.

However, despite these activation locks and kill switches that help thwart thieves, there will always be hackers and scammers who will remain one step ahead of the curve. Let's take a look at their latest techniques.

How do hackers resell stolen iPhones and iPads?

A new extensive report from Motherboard details the various ways hackers can unlock iCloud-locked iPhones and iPads so they can reactivate them and sell them.

See, in 2013, Apple introduced the iCloud locking to iPhones and iPads. This means that only one iCloud account can be associated with an iPhone or iPad and in order to sell it (or give it to someone else), that account has to be completely removed and unlinked from the gadget.

This also means that resetting and reactivating the iCloud-locked iPhone or iPad will require the password of the linked iCloud account. Without this, the gadget can't be set up as new.

This is why stolen iPhones that are iCloud-locked are almost completely useless and are often sold just for parts. Note: If you see a Craigslist or eBay listing for a cheap iCloud-locked (also, IMEI blocked) iPhone or iPad, stay away from it! Not only is it useless, it could be stolen or lost merchandise.

But as usual, iPhones and iPads will always be hot items and crooks have found ways around this.

Obtain the iCloud account password via phishing or social engineering

One popular method for reactivating iCloud-locked iPhones and iPads is via old-school phishing scams where resellers will try and locate the original owner then trick them into giving up their Apple ID/ iCloud password.

Black market Apple gadget resellers apparently rely on special iCloud phishing kits that are easy to use and they can be purchased through underground online chats and iPhone hacking message boards.

Based on Motherboard's investigation, these phishing kits come with pre-designed templates that are designed to fool the victims into thinking that their lost iPhone was found.

For example, a hacker could send out a text message that appears to be from Apple containing a link that's designed to steal your Apple ID credentials. These kits can even send out a fake map of where the lost iPhone was located to further reinforce the ruse. Click here to see how these fake Apple login pages can clean you out.

But how do these hackers find out about an iPhone's activation lock status? They reportedly use paid lookup databases that could tell if an iPhone has "Find My iPhone" enabled or if it was already reported lost, stolen, or clean. (Some hackers even claim to have access to Apple's Global Service Exchange - GSX - a repair database used by authorized Apple service centers and Apple itself.)

With these tricks, once the hackers get the iCloud credentials they need, they can simply enter them on the locked iPhone, clear it out then resell them.

Use fake receipts and trick Apple employees into removing the iCloud lock

Although phishing scams are popular among cybercriminals, they can be hard to pull off and there's a good chance that tech-savvy users won't fall for them.

But hackers have another trick up their sleeves - they are going straight to Apple and have the company's employees do the dirty work themselves!

Using photoshopped fake receipts and invoices, scammers are starting to take locked iPhones to Apple Stores, claim that they have forgotten their iCloud password and have Apple employees unlock the devices for them.

See, according to documents obtained by Motherboard, Apple Stores have an "iCloud Support App" that lets employees check the iCloud status of an iPhone or iPad, and it also allows managers to request the unlocking of the device.

With an authentic-looking receipt and detailed information about the gadget (IMEI number, date of purchase, name on the iCloud account, etc.) obtained from online databases, it's not hard to see why this method is becoming more popular.

Note: Keep in mind that an iCloud lock is different from your iPhone's passcode. Your passcode will lock your screen and encrypt your iPhone's data, while an iCloud lock will prevent it from being reactivated under a different account.

Steal the iPhone with physical threats and force the owner to disable iCloud

While phishing and social engineering scams are devious, at least they don't cause physical harm. But, it looks like street-level crooks are stepping up their game, and they are now using violent threats to force victims into deleting their iCloud accounts from their iPhones.

Last month, Motherboard notes that there have been reports of iPhone muggings in Philadelphia where the suspects are holding their victims up at gunpoint, demanding that they pull up their iPhones, disable "Find My iPhone" then log out of their iCloud account.

Another case filed in Washington detailed how a teenager placed a woman in a chokehold and asked her to delete her iCloud from her iPhone 6S, then ran away with it.

It's scary enough that a thief would steal your smartphone right out of your hand while you're using it, but using violent threats to force you into removing your iCloud account? That's an entirely new level of hi-tech crime.

Want to learn more about this disturbing trend? Listen to this free Komando podcast and hear Kim talk about in just a minute.

How to protect your iCloud account

Secure your iCloud Account Password immediately

First order of business, if your iPhone was stolen or lost, change the password of your iCloud account immediately. Even if attackers get a hold of your credentials and try to lock your device, the password will be invalid, foiling the attempt.

Beware of phishing scams

And as usual, beware of phishing scams. Elaborate phishing scams that use fake login pages that look like the real deal are becoming more common.

This is why it's important to carefully check the addresses or URLs of the websites you visit, especially login pages.

Keep Passwords Separate for Each Account

This is recommended not only for your iCloud account but also for every other online account. Every password is best kept unique, rather than using the same password everywhere. When you use the same password for every account, hackers find it easy to attack you.

If one of your accounts is attacked, chances are the other accounts will not be safe for too long. On the other hand, having unique passwords for each account will keep the other accounts safe even if one of them is compromised.

Here are 5 password mistakes that will likely get you hacked.

Activate Two-Step Authentication

While this can't stop your lost iPhone from being reset, it does help protect all your data stored in your iCloud account. This includes pictures, emails and contacts.

When you have two-step authentication enabled, Apple will send you a passcode on your device to ensure it was you who requested access and not someone else. Even in the event of someone gaining access to your account, since they do not have passcode access to the data stored they will not be able to access said data.

Note: Although iCloud's two-step can protect your account, it has one glaring weakness. Click here to read more about it.

Read More

Take this Google quiz to see if you can spot phishing emails I got five correct out of eight. by Marrian Zhou

You're worried that you might get scammed online? If you aren't, you should be.

Jigsaw, a subsidiary of Google parent company Alphabet, on Tuesday introduced a quiz that tests whether you can spot a phishing email. The results point out how to identify possible scams.

Phishing emails are one of most common forms of online scams, according to Jigsaw's blog post.

They're fake emails that hackers and scammers use as bait to steal your passwords, information, money or items you've listed on e-commerce sites like eBay. In June, the FBI busted a major email fraud criminal ring that stole millions of dollars from businesses by targeting employees who had access to company finances. Phishing emails pretending that they're from Apple Support are also on the rise.

"We created this quiz based on the security trainings we've held with nearly 10,000 journalists, activists, and political leaders around the world from Ukraine to Syria to Ecuador," Jigsaw said in the blog post. "We've studied the latest techniques attackers use, and designed the quiz to teach people how to spot them."

The quiz will show you how to check email addresses and URLs to identify scams. In addition, you can check out CNET's tips for avoiding scams and find out what to do when you're scammed on e-commerce platforms.

Read More

Getting back up: How a broken Chromebook proves that Google wins the cloud Use anywhere, on anything by Ara Wagoner

When your computer is just a landing pad for your cloud connections, broken laptops aren't the end of the world. They're not even the end of your work day.

Ara Wagoner

29 Jan 2019

My primary computer — my practically perfect Pixelbook — is broken and likely going in for repairs later this week. Three years ago that would have terrified me, but today? Today, it's a mild annoyance, and that's mostly because I had to waste half a morning on a full-tilt System Recovery to prove my hardware issue to Google support. The spartan setup that made Chrome OS a godsend for enterprise and educators has given me the freeing realization that not even a broken computer can put a damper on my peace of mind — or my productivity.

If my Windows laptop needed to be sent off for repairs — or even just factory reset for troubleshooting purposes — backing up my data would eat at least half a day, and the factory reset and restoration of my apps and services would take the rest of the day and then some. Despite Windows increasing compatibility with cloud storage and syncing, the majority of your programs and data aren't easily backed up, and even once they are, restoring that data after a factory reset — and the hours of system updates that follow it — can eat hours and hours of time you could be working or redditing or living your life.

From writing a system recovery flash drive to wiping my Chromebook and getting set back up and troubleshooting the clean system, I needed less than an hour. Backing up my local files took 2 minutes — after all, just about the only locally stored files are in the Downloads folder — and my Chrome extensions like Auto Text Expander synced back up before I even finished logged into the freshly recovered Pixelbook. It was quick and it was as painless as starting over on a fresh machine could be.

Chromebooks are expendable by design, and that is indispensable.

For years, Google's touted the expendable nature of individual Chromebooks to system administrators and the board members that approve their G-Suite contracts: If your student/employee breaks their Chromebook, simply sign them into a new machine and they'll be back to work in minutes. This may feel like something you can only take advantage of if you have the luxury of owning multiple Chromebooks — I'm using a four-year-old Lenovo Chromebook while my Pixelbook is out of commission — but even if you only own one, this way of computing can save your deadline and your delicate sanity.

If someone walked in and Hulk-smashed your one and only Chromebook, you could go to any other computer in town — from Grandma's Gateway laptop to the public library's Chromebox lab to that 24-hour net cafe downtown that always smells like weed — and the second you signed into Chrome, you'd get back 70% of your normal setup. When my parents helped me move cross-country, my mother didn't bother bringing a laptop with her. She just signed into her accounts on my Chromebook, did her email checking and Facebook browsing, and then she signed out when she was done.

This versatility is doubly helpful for Chromebook troubleshooting and security. The vast majority of your Chromebook is already backed up, so if your Chromebook ever even starts to feel sluggish or "off" for any reason, you can Powerwash it as easily as a game of Solitaire, and in less time than a game of Solitaire. Chromebooks have become the go-to platform many international travelers turn to not just because they're easy to replace if someone steals it; they can Powerwash a Chromebook before and/or after they give it to Customs, ensuring that no one is snooping through their files or bugging their machines.

Before I ever call up the support line for my Chromebook, I can — and have — done every single troubleshooting step tech support could ask in the span of a lunch break. That shortens the support call and speeds along a warranty support claim, getting me back to work before I fall behind. This saves me — and the unfortunate support rep that takes my call — time and sanity, and it is a simple, speedy superpower that I've yet to see from any other platform.

Best of all, whether your Chromebook is out for repairs or simply gone forever, you can still get your work done on a loaner machine or a public machine while you're waiting for a replacement Chromebook to ship out to you. Your Chromebook is just a landing pad for your cloud connections and your Chrome browser settings, and you can re-establish those anywhere you, your internet, and your two-factor authentication codes are.

And that's just as amazing for you and your tech-illiterate uncle as it is for your overworked office sysadmin.

Read More

Why you need to buy smart bulbs now By Komando Staff, Komando.com

When researchers asked consumers if they use smart LED bulbs, only 11 percent said yes, but the majority -- 62 percent -- said they hadn't yet, but they could imagine using them. How about you? Are smart lightbulbs on your wish list?
Smart bulbs are internet-connected lightbulbs. They're among the most affordable smart devices on the market, so if you're new to connected devices and aren't sure if you like the idea, smart bulbs could be a good starting place. What do smart bulbs do? We'll tell you.

We have five reasons why you'll love smart bulbs like Philips Hue and Kasa Smart Bulb, including one that might surprise you. You can save money buying smart bulbs, rather than incandescent bulbs - keep reading and we'll tell you how.

Internet-connected lightbulbs can protect your home

Before we get into the great things that smart bulbs can do, we want to remind you that connected devices are vulnerable to hackers. Check your router's security settings. Make sure your wireless cameras are secure. And secure your home's Wi-Fi.

You control smart bulbs by downloading the manufacturer's app and installing it on your smart phone or smart device. After you pair your device with the lightbulb, you'll be able to turn the lights on when you're away, dim them, and set routines based on your time, location or other triggers.

You can hook some of them up to turn on when motion sensors are triggered. Your smart bulbs will light up your house to scare off would-be intruders.
6 smart home upgrades to help sell your house

Smart bulb mood settings

One of the coolest (or warmest?) features of smart bulbs is the rainbow of colorful settings. You can choose from a whole spectrum of whites, from cool fluorescent-like bright whites (which is great for finding a dropped contact lens) to warmer, softer whites that are better for reading.

If you live in an older home that doesn't have dimmer switches, you can use the smart bulbs and your smart devices to dim the bulbs; no need to hire an electrician to install dimmer switches or buy special lamps with dimmers.

Some bulbs, like the Lifx brand, can turn red, orange, yellow, green -- every color of the rainbow. You can also set lights to blink (great for parties) or toggle through colors. Lifx claims to have over 16 million colors!

Do smart bulbs save money?

You're not alone if you think it costs a lot of money to set up a smart lighting system in your home. You should be prepared to spend about $99 on a system like the Philips Hue A19 60W Equivalent LED Smart Bulb Starter Kit.

You can spend $20 or more for a set of smart bulb after that. That is true, but you might be surprised that you can save money over time with smart bulbs.

For one thing, there are more companies manufacturing them, which should force prices down. You can also buy smart bulbs like the Alexa-compatible Kasa smart light bulb that costs less than $20 and doesn't require you to set up a costly smart home hub.

More to the point, smart bulbs can save you money on your electric bill. It's estimated that you'll save $6 each year for each incandescent light bulb you replace with a smart LED bulb.
3 easy ways to get free and discounted smart home gadgets

Use your voice to control your bulbs

Your smart home and smart LED bulbs are increasingly compatible with smart speakers like Amazon's Alexa-enabled Echo and Google Home. You can set up your smart bulbs to turn on, turn off and dim with your voice -- "OK, Google, turn off the lights."

Use your smartphone to turn on your lights

You do just about everything imaginable with your smartphone - we all do! You're making calls for work.

You're getting alerts on your calendar for everything from picking up your kids from school to getting to the airport on time. If you have smart home gadgets like a thermostat, you're using your smartphone from anywhere in the world to adjust it.

You can do the same thing with your smart LED lights. You can use your phone to turn them on or off, so you're saving money on your electric bill, scaring away burglars or making your home warm and inviting for your grandkids, your dog sitter and you!

Source: Statista

5 reasons to 'get smart' about your thermostat

You're always cranking up your thermostat. Why is it so cold? Why is it so hot?
With record low temperatures this winter and soaring summer temps, it's no wonder you're constantly adjusting your thermostat. The problem is, you're also cranking up your electric bill.
We have 5 reasons you'll want to switch to a smart thermostat, including the convenience of letting it do the adjusting for you. But the biggest reason you'll want to switch is that it can help lower your electric bill.

Read More

HP’s Ink Subscription Has DRM That Disables Your Printer Cartridges by Josh Hendrickson

HP’s Ink Subscription Has D... by Josh Hendrickson on Scribd

Read More