Apple users across the country have had their devices hacked and digitally held for ransom.
Apple is yet to respond to the issue, which has seen numerous customers locked out of their iPhone, iPad or Mac and shown a message asking for up to US$100 in return for unlocking the device.
The hack appears to be connected to Apple’s iCloud services and the Find My Phone application. As discussed at length in the Apple support forums, if the device did not have a passcode, the attacker seems to have used the ‘Lost Phone’ function on Find My Phone to lock the user out.
The message appeared on many Australians’ devices early yesterday morning, saying it had been “hacked by Oleg Pliss”, likely a fake name, and demanding cash be transferred via a voucher code.
Sunshine Coast resident Anita Gustavsson says her iPhone was hacked early yesterday morning.
“It had a message on the front screen saying it had been hacked by Oleg Pliss, who is a software engineer and they’re obviously just using the name as a ruse,” she said. “It was asking for a payment of $50 into a PayPal account. When you swiped the phone to open it up it had a PIN code on it and it was locked. That was it, you couldn’t do anything with your phone.”
Numerous people took to the Apple forums and social media to vent their frustrations at the hack.
IT security expert Troy Hunt told Catalyst it’s unusual for a hack to be contained to only Australia.
“The really interesting thing about it is it seems to be almost entirely localised to Australia, which is unusual for such a globalised service,” Hunt said. “The fact that all the noise is coming from here obviously indicates that there is some sort of correlation with some other event or some other vulnerability down here.”
Hunt said it is very concerning if hackers have in fact obtained information stored on iCloud.
“If it has compromised iCloud, and with people backing up to iCloud, then what information does that give the attacker?”
Apple has not responded to the hack, although Hunt said this is not unusual for the tech giant.
“Apple is notoriously secretive about everything,” he said. “In this case I don’t find their reaction surprising, but I think that their ongoing silence and lack of public statement is going to get detrimental as this keeps gathering momentum.”
In recent hours, a number of Australian Apple users have reported the ransom attack targeting their devices. Affected users are advised to change their Apple ID password as soon as possible. Users not affected may also consider changing their Apple ID password as a precaution. Affected users should contact Apple directly for more information. Apple has been able to help affected users recover their devices.
Many are speculating that this could be related to data leaks at Adobe last year or eBay last week, but Hunt said this is unlikely.
“I doubt Adobe insofar as it was back in November, you would think that it might have been exploited earlier,” he said. “In the case of eBay, we don’t know the details, but I highly suspect the passwords were stored pretty securely, and of course the other thing was that it was never released publicly. There’s no Australia correlation with those two events, so that’s why I’m suspicious of those.”
The hacking seems to be a form of ‘ransomware’, where attackers restrict access to a device and demand money for these restrictions to be removed.
“The concept of ransomware is not new,” Hunt said. “But this is the first time that I can think of where we’ve actually seen it applied to phones in this way.”
Hunt has three pieces of simple advice for Apple users in Australia:
Make a strong, unique password for your iCloud account. That’s a pretty easy one, something people can do right now. The really critical point there is to not have it be a reused password.
Turn on two-factor authentication. The only problem with that is Apple is a bit unique in this regard and they make it a three day process.