Apple device ransom attack spreading - change your passwords
Posted by: Jon Ben-Mayor on 05/29/2014 03:01 AM
[
Comments
]
Apple device owners that also utilize an iCloud account are being urged to change their passwords after reports from Australia detail multiple account hijackings; now it appears that these attacks may have spread to the US as well.
Currently there is only speculation about how the attacks have been carried out. Apple has not yet responded officially.
Reports by affected users suggest that this attack is possibly the result of hackers compromising the device owner’s Apple ID and using this to access their iCloud account. From their iCloud account a hacker can activate the device’s ‘Lost Mode’, and possibly reset the phone’s access code.
At present many users are reporting that their phones or systems lock unexpectedly, they receive an email from ‘Find My iPhone’ and a message on their screen stating that their device has been, ‘Hacked by Oleg Pliss’. The message said that to unlock their device they should pay a ransom via PayPal, emailing the payment code to lock404[a]hotmail.com.
It is not confirmed if or how these Apple IDs and passwords were accessed, but suggestions include that hackers may be simply reusing information they may have discovered during a breach of other online services. Unfortunately, many people still commonly reuse the same password for many of their online accounts.
A hacker with access to your Apple ID can potentially lock any device associated with it remotely, they can see data you have stored in iCloud, access your Apple Store purchases and potentially set up two-step verification (also known as two-factor authentication) on your device, locking you out of your phone completely, and even remotely erase your device.
It is reported that affected users did not previously have two-step verification enabled on their devices.
Apple issued a statement to Fairfax Media in Australia noting that its iCloud service had not been compromised, but impacted users should immediately "change their Apple ID password and avoid using the same username and password for multiple services".
Apple, to date, has not officially commented on the attacks spreading within the US - Note that the reports of users in the US seem to have only been made on the Apple Community page with people asking for help on how to go about fixing the problem and venting frustration.
Update:
Apple finally made a statement regarding the hack: “Apple takes security very seriously and iCloud was not compromised during this incident, impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.”
Currently there is only speculation about how the attacks have been carried out. Apple has not yet responded officially.
Reports by affected users suggest that this attack is possibly the result of hackers compromising the device owner’s Apple ID and using this to access their iCloud account. From their iCloud account a hacker can activate the device’s ‘Lost Mode’, and possibly reset the phone’s access code.
At present many users are reporting that their phones or systems lock unexpectedly, they receive an email from ‘Find My iPhone’ and a message on their screen stating that their device has been, ‘Hacked by Oleg Pliss’. The message said that to unlock their device they should pay a ransom via PayPal, emailing the payment code to lock404[a]hotmail.com.
It is not confirmed if or how these Apple IDs and passwords were accessed, but suggestions include that hackers may be simply reusing information they may have discovered during a breach of other online services. Unfortunately, many people still commonly reuse the same password for many of their online accounts.
A hacker with access to your Apple ID can potentially lock any device associated with it remotely, they can see data you have stored in iCloud, access your Apple Store purchases and potentially set up two-step verification (also known as two-factor authentication) on your device, locking you out of your phone completely, and even remotely erase your device.
It is reported that affected users did not previously have two-step verification enabled on their devices.
Apple issued a statement to Fairfax Media in Australia noting that its iCloud service had not been compromised, but impacted users should immediately "change their Apple ID password and avoid using the same username and password for multiple services".
Apple, to date, has not officially commented on the attacks spreading within the US - Note that the reports of users in the US seem to have only been made on the Apple Community page with people asking for help on how to go about fixing the problem and venting frustration.
Update:
Apple finally made a statement regarding the hack: “Apple takes security very seriously and iCloud was not compromised during this incident, impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.”
Comments
