Apple iPhones, iPads Hacked in Australia: Hacker Turned 'Find My iPhone' Security Feature Against Users
Apple users in Australia were hit by a massive late-night hack that took control of their iPhones, iPads, and even some Mac computers, demanding ransom to unlock the devices again. The "digital kidnapping" seems to be taking advantage of Apple's Find My iPhone feature, turning the security software against its owners.
Unlucky Aussies started reporting that their Apple devices woke them up last night with what equates to a ransom note that read:
"Hacked by Oleg Pliss. For unlock device YOU NEED send voucher code by 100 $/eur one of this (Moneypack/Ukash/PaySafeCard) to helplock@gmx.com"
Or some variation of that. Some reported only being asked to pay $50 in ransom to unlock their phones.
Right now, it appears that the iPhone lock hack has only affected Apple users in Australia and New Zealand, though some Australian users out of the country and some from outside Australia who are currently in that country have reported being affected as well. According to Time, at least one person in the U.S. with no ties to Australia or New Zealand has claimed their Apple device was compromised, too. However, it doesn't seem to be a common problem in the U.S. (at least not yet).
How This Happened: Competing Theories
No theories about how the hack happened have been confirmed, and Apple hasn't commented publicly on the situation. But there's strong evidence that whoever "Oleg Pliss" is must have gotten their hands on the iCloud usernames and passwords of those affected by the hack in order to remotely lock the Apple devices using the "Find My iPhone" feature.
How "Pliss" got the iCloud information is currently a matter of great speculation and debate. There are a few possibilities being discussed right now: phishing, an exploit of iCloud server vulnerabilities, and a hack of an Australian ISP.
The phishing theory is perhaps the weakest. Phishing is a common hacking tactic that exploits people's gullibility rather than a technological vulnerability. A typical phishing scam involves sending out mass emails that claim to come from a company the recipients trust, asking users to enter their login information in order to secure the account, win a prize or a similar incentive. Once the user clicks the link and fills in their information, they're vulnerable to an attack.
This theory doesn't explain why the Apple hack has occurred to only those with ties to Australia. If it were indeed a phishing scam, one would expect a small percentage of Apple users around the globe, or at least in English-speaking countries, to fall victim to "Oleg Pliss."
Another speculative theory is that Apple's iCloud servers might have been compromised. But Apple has usually gotten high marks for its cyber security measures: iCloud data, for example, is encrypted both ways, and Apple even added a two-step verification option last year. Also, the fact that it has only affected users in Australia makes this theory a little less plausible. If a hacker had truly found a vulnerability in Apple's iCloud servers that had never before been noticed or exploited, you would think they'd try to make the cyber attack as widespread as possible, since Apple is undoubtedly furiously looking for cracks in its cyber security to patch as you read this.
The most plausible theory right now is that the hacker attacked an Australian ISP (or several) and effectively eavesdropped on users' communications as they passed from Apple users through the ISP to their iCloud server. Such an attack is called a "man-in-the-middle attack," which can take advantage of open WiFi systems, ISPs, and any other vulnerable service that passes data along the Internet. But this, too, has some problems, the most obvious being that users across Australia and some reportedly in New Zealand have been affected. The hacker would have had to compromise multiple ISPs across the country, and since some Australians outside of the country have also reported being affected, the hacker would have had to have accessed and mined this information for a long time before striking.
Protect Yourself
For those who have been hit with the iPhone lock hack, you can use your four-digit passcode to unlock your device (do not send money to "Oleg"!). If you never set up a four-digit passcode, you can connect your Apple device to a computer and restore it using iTunes. Unfortunately, any data on your iPhone or iPad that hasn't been backed up will be lost. Apple's instructions are available here.
If you aren't affected by the iPhone lock hack but have an Apple device with an iCloud account and "Find My iPhone" enabled, it's time to change your password, just in case this cyber attack starts spreading outside of Australia. Go to iforgot.apple.com to change it, and for goodness' sake, use a long, unique, and strong password.