Apple device owners in Australia are receiving ransom demands from hackers, according to an Apple Support forum post, with the hackers demanding payment before they allow owners to take back control of their iPhones, iPads and iPods.
Posts in the forum suggest that Apple devices in Queensland, New South Wales, South Australia and Victoria have been hacked, as have devices overseas, with one poster referring to their location in Toronto.
The message reads:
“Device hacked by Oleg Pliss. For unlock device, you need send voucher code by 100 usd/eur (Moneypack/Ukash/PaySafeCard) to email:firstname.lastname@example.org for unlock.”
It appears that the hack has been made via iCloud. The hacker has then switched the iOS devices to Lost Mode, hence the lock. Those who have a password on their device can unlock it, while those who do not, cannot.
You should change your Apple ID password on a desktop. If you do not have a passcode on your device, the hacker has most likely added their own, so you should then plug the device into the desktop, open iTunes and perform a backup and restore.
The restore will reset your iOS devices and give you the option of starting with a fresh device or restoring a backed-up version.
The issue does not appear to involve Australian telcos, but rather Apple itself.
The hacker, who named him/herself Oleg Pliss (a software engineer at Oracle), is demanding US$100, sent to email@example.com, to unlock the devices.
Message received on an iMac. Image from amberoonie.
One poster in the Apple forum, Andrew Rutherford, wrote:
“Given this seems to be happening mainly in Australia/New Zealand, I suspect a man-in-the-middle attack (a bit like the idoulCi hack) where someone has redirected internet traffic from some ISPs in Australia/NZ to a server that’s doing the nasty. There’s very little checking in many of the peering fabrics used by ISPs to transfer domestic traffic to each other, it would only take one ISP to be hacked and insert a route saying “Apple this way!” to a single peering fabric to steal 30 percent-plus of customers in Aus/NZ.
“That said, as we should in these circumstances, we have changed passwords on all accounts to new strong random passwords, just in case someone has hacked Apple and retrieved passwords.”
Another poster, TallPete, says:
“This is interesting, however, the attacker was only demanding $100 per client or something. The attacker will have claimed $0 at the moment! Not much reward. So it isn’t going to be a sophisticated attack. Hacking an ISP is a sophisticated attack. Hacking Apple is a sophisticated attack. If you knew how to attack either of these reliably, then you wouldn’t waste it setting iDevices to lost.
“If it isn’t a password attack, then I would go the next simplest with mums and dads – routers using default passwords. Although how to man-in-the-middle redirected SSL traffic to get the passwords remains unsolved. But I still think password reuse is far far more likely.”
More to come…