WATERLOO — Kapil Haresh Vigneswaren was just scribbling in a University of Waterloo lab, trying to finish a grad student assignment on cryptography and network security.
That’s when the tinny little red-alert klaxon in his nearby iPhone went off.
The Sunday quiet on that quite July day was pierced by whining weirdness.
“That’s odd,” the 22-year-old Malaysian thought to himself.
“My phone is in ‘silent’ and I’m not initiating the alert sound. So why is it going off?”
Because his Find My iPhone feature had activated. Just not by him. He wasn’t even holding his phone. He had to walk a few confused steps to find it, the alert chimes guiding his stroll.
He dismissed the alert. It reappeared an instant later. This was trouble. His phone was in “lost” mode.
A message on the screen playfully taunted him.
Hey why did you lock my iPhone ha-ha. Call me. 1(234)567-890
Vigneswaren quickly realized he was being hacked. The phone number, with its obvious Sesame Street construction by The Count himself, felt vampire phoney.
Hackers were trying to put the byte on him and remotely wipe his devices.
Was this a cruel and ironic joke? Vigneswaren had done his undergrad studies in computer science — specifically digital system security and software engineering at the University of Wollongong in Australia.
Cryptography. Security. Privacy. Human computer interaction. Those are his specialties.
This was like the overconfident television culprit tugging on detective Columbo’s shabby old raincoat. This was like unknown upstart yanking on Usain Bolt’s racing bib in the Olympic semifinal in Rio. You can’t win. You’re better off not even messing with the dude.
Sure, the hackers obviously got his password somehow. But Vigneswaren wasn’t helpless. He let his experience and knowledge guide his response with Bolt-like speed. He cut the invisible cord between his somewhere-in-the-world tormentors before they could make the final moves to wipe out his phone and electronically-tethered laptop.
He turned off Wi-Fi and data service on his phone and computer.
“They all went dark,” he said on Thursday, recounting his story before class.
“I was lucky. All of my stuff was next to me.”
The hackers had done too much digital dilly-dallying before they could mischievously wipe out the memory on the devices.
They got caught monologuing like a gloating comic-book villain explaining their dastardly scheme while the hero escapes.
The gotcha-alert they triggered for kicks gave Vigneswaren the time to thwart their plans.
He went online on another computer, logged into his iCloud account and changed his password. He also defused two pending commands to wipe out his devices.
The digital day was saved.
The Find My iPhone feature, he says, gave hackers an easier path into his devices without a double-level of security to sneak through.
So listen for the Find My iPhone alert. Be wary if you hear one unexpectedly.
And what about that assignment on cryptography and network security that Vigneswaren was working on when hackers struck? It was never in danger.
“I was doing it by hand,” he said.