The Sydney Morning Herald reports that several Australian Mac, iPhone, and iPad users are finding that their devices have been locked remotely through Apple’s Find My iPhone service by someone using the name “Oleg Pliss.” The hacker (or hackers) then demand payments of around $50 to $100 to an anonymous PayPal account in order to restore the devices to their owners.

An active thread on Apple’s support forum was started yesterday as users started to discover that they had been targeted by the attack. According to that discussion, users are finding all of their devices locked at once rather than a single device per user. Based on that report and the fact that Find My iPhone is being used to hold the devices hostage, it seems likely that the perpetrator has gained access to these users’ iCloud accounts—possibly through password reuse by those users—rather than some device-specific malware or hack.

Because the hackers used Find My iPhone to lock out the victims, users who had set a passcode on their devices were able to regain access. This is because Find My iPhone can only be used to add a passcode to devices that don’t already have one set. If you’ve created a passcode on your device, you (or malicous users with access to your account) cannot change it from Find My iPhone. It can only be changed or removed directly from the device.

Unfortunately, users affected by this attack  will need to get in touch with Apple to work around the issue. It’s also highly advisable to reset your Apple ID password and security questions once you’ve regained access to the affected iCloud account.

For those who haven’t been affected, here are a few steps you can take to ensure you aren’t hit by a similar attack:

Use unique passwords. Using the same password on multiple services (iCloud, Gmail, Facebook, etc) put all of your accounts at risk. An attacker who gains your password for one service can then try it on the others. If you use the same password on some of them, they’ll have access to everything. One great way to ensure you’re using a unique password on each website is to use an app like 1Password to manage them.

Use two-factor authentication. Two-factor authentication boosts your online security by requiring you to enter a time-sensitive code after logging in and before accessing your account. Not all web services offer this extra layer of security, but many do, including Gmail, Facebook, Twitter, and yes, even your Apple ID. You can use an app like Google Authenticator or Authy to manage these codes, or get them via SMS.

Use a passcode or Touch ID on your iOS devices. If you’re not already using Touch ID or a passcode to secure your iOS devices, it’s a good idea to add one. That will prevent malicious users from remotely adding one to lock you out. As noted above, unprotected devices can be remotely locked, while devices secured with a passcode or Touch ID cannot.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

15 Responses to “Australian Mac and iOS users find devices remotely locked, held for ransom (and how to keep yours safe)”

  1. The thing is people think that in order to get hacked there should be hundred pages of coding and all. But I am sure the person who locked these devices just used a few basic passwords or knew the victims in a way that he could guess their password. I have been using Apple’s password generator which gives you the option to choose the length of your password and gives you an easy to memorize password which is so unique yet so strong. A password like this: Karma133][shay. Don’t use passwords that can be psychologically guessed and in stuff that matter don’t use basic passwords. Thats all.


    • crisrod63 says:

      Nope, they are speculating that it was connected to the e-bay hacking. Conjecture has victims using the same credentials for e-bay as they did for there Apple ID. Even easier that what you describe.


  2. That’s nightmare … iCloud can be boomerang for apple users …


  3. Though we don’t know for sure what the root cause of this is, perhaps related to the recent hacking of iCloud (who knows for now), one thing is for sure…

    People, PUT A PIN LOCK on your phones! And DON’T make them 1234 or something equally as stupid!


    • stevenjklein says:

      Edison makes reference to “the recent hacking of iCloud.” I follow Apple security issues closely, and I’ve yet to see a single verified report of iCloud being hacked.

      Yes, individual users have been attacked because they allowed their login credentials to be compromised, but that’s not an iCloud issue. (If you give away the key to the lock on your front door, and someone uses it to steal your stuff, that’s not the fault of the lock.)


  4. This just looks like simple lazy passwords. i’m sure it’s happening to many others who don’t use Apple device too only that won’t get reported because “random Android/Windows device HACKED!” doesn’t have the same headline grabbing wow factor as “Macs and iOS Devices HACKED!”, yet on closer inspection they’re… not.

    It still sucks for these people, but no matter how easy companies make it for you to create good, strong passwords most still won’t bother because they’re lazy.


  5. Edas Haha says:

    Please be reminded that 2-step verification is available to a very limited number of countries only.


  6. Andrew John says:

    Considering that eBay had its servers hacked last week, it seems like someone has harvested email addresses and passwords from a server somewhere. And people being lazy as they are these days, wouldn’t surprise me that they use the same details to log into other sites. So they don’t use pass locks, or security verification systems, or even use specific passwords for critical accounts, this does not surprise me at all.


    • herb02135go says:

      Another good option is to avoid cloud storage.
      All it does is make you continually pay ransom (sorry, I meant subscription fees) and allows manufacturers to raise prices while offering less storage.


    • It wasn’t last week, it was the end of February, start of March. They just came out and told the world last week. We heard about it when it happened at work (we sell stuff on Ebay, amongst other places) but we didn’t know about the scale of it until last week.

      Still quite possible though. There’ll be a lot of overlap with users using the same email/password combos I bet.


  7. Jim Phong says:

    This can’t happen if the device was not jailbroken. No hacker could put any message claiming to have hacked a iOS device that was without jailbreak.


    • You’re a complete idiot, a troll, or simply misunderstood.
      Basically in iCloud you can send a personal message such as “Phone lost: please return to xxxxx address” but instead has been replaced with “Hacked by Ogel Pliss…”


  8. Make your mac or phone run in stealth mode and change your host-file. normal host file is about 365 bytes; mine is 6 MBytes…never have any problems


  9. Kim Lucus says:

    I don’t think setting a password makes everything go off beautifully. Some hackers easily gain access to Wi-Fi connected iPhone when it’s jail-broken if they try the default root password, 80% jailbreakers know nothing about the root password configuration after their jailbreak!!! Some users even install spy apps like ikeymonitor to steal unlock pass-code when the device is jailbroken. We are not living in a safe world protected by password.

    But it is at least safer than no password. In normal cases, password is a protective and useful shield, even if it is weak to some extend..