Owners of iPhones and iPads have been warned to change their passwords after a hacker began targeting the devices and demanding a ransom to unlock them again.
Dozens of devices across the world have been disabled by the cyber criminal, ‘Oleg Pliss’, who has tried to blackmail users at £55 a time.
The attacks began in Australia and New Zealand, but there were signs last night that they were spreading to Britain and the US as victims began flooding Apple’s community support forum with complaints.
Werewabbit wrote: ‘I live in the UK and this has also happened to me yesterday. Very worrying. And not a peep from Apple yet.’
Davefromtas added: ‘We were also woken up at 3.30am by all devices blaring like a fire alarm.
‘The message on our devices was the same as those already posted.’
David Emm, from digital security firm Kaspersky Lab, said: ‘It seems likely that cybercriminals gained access to Apple ID credentials, for example by using phishing e-mails targeting Apple IDs.
‘By using the credentials to access an Apple iCloud account, the attackers can enable the ‘Find My iPhone’ service.’
The tech giant is yet to comment on the attacks.
Some iPhone, iPad and Mac users are reporting their devices have been compromised, with a message appearing that locks owners out and demands a US$100 ransom be sent to the hackers over PayPal. While the cause of the vulnerability hasn’t yet been established, there’s one common factor: it looks like every hacked device was sold in Australia.
iTnews reports that the ransomware appeared in the last few days, with some threads on Apple’s support forum and Whirlpool detailing the problem. The original post from user ‘veritylikestea’ in Melbourne on Apple Support Communities best describes the issue:
i was using my ipad a short while ago when suddenly it locked itself, and was askiwhich I’d never previously set up. I went to check my phone and there was a message on the screen (it’s still there) saying that my device(s) had been hacked by ‘Oleg Pliss’ and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail.com) to return them to me.
Other users on the support forum describe seeing a similar message on their iPhones and iPads, and some Mac laptop and desktop users have had similar experiences. It’s not immediately obvious how the attacker has accessed these devices, since there is no unifying factor beyond them all being Apple and using iCloud, but it seems like Find My iPhone is being used to remotely lock devices and display the ransom message.
Some Whirlpool commenters are theorising that a man-in-the-middle attack has intercepted traffic between Apple devices and servers through certain ISPs, while others are blaming poor password security or a compromised password database in a third-party website that has matched some users’ details to their iCloud accounts. We’ve reached out to Apple for comment on the issue.
Until there’s some explanation, to avoid falling victim to this possible attack, it’s a good idea to change your Apple password to a strong and unique one, use a passcode on the device itself (or Touch ID on an iPhone 5S), and enable app- or SMS-based two-factor authentication on any online accounts that can use it, like Facebook, Google and Twitter.