Australian Mac and iOS users find devices remotely locked, held for ransom (and how to keep yours safe)



The Sydney Morning Herald reports that several Australian Mac, iPhone, and iPad users are finding that their devices have been locked remotely through Apple’s Find My iPhone service by someone using the name “Oleg Pliss.” The hacker (or hackers) then demand payments of around $50 to $100 to an anonymous PayPal account in order to restore the devices to their owners.

An active thread on Apple’s support forum was started yesterday as users began to discover that they had been targeted by the attack. According to that discussion, users are finding all of their devices locked at once rather than a single device per user. Based on that report and the fact that Find My iPhone is being used to hold the devices hostage, it seems likely that the perpetrator has gained access to these users’ iCloud accounts—possibly through password reuse by those users—rather than some device-specific malware or hack.

Because the hackers used Find My iPhone to lock out the victims, users who had set a passcode on their devices were able to regain access. This is because Find My iPhone can only be used to add a passcode to devices that don’t already have one set. If you’ve created a passcode on your device, you (or malicious users with access to your account) cannot change it from Find My iPhone. It can only be changed or removed directly from the device.

Unfortunately, users affected by this attack will need to get in touch with Apple to work around the issue. It’s also highly advisable to reset your Apple ID password and security questions once you’ve regained access to the affected iCloud account.

For those who haven’t been affected, here are a few steps you can take to ensure you aren’t hit by a similar attack:

Use unique passwords. Using the same password on multiple services (iCloud, Gmail, Facebook, etc.) puts all of your accounts at risk. An attacker who gains your password for one service can then try it on the others. If you use the same password on some of them, they’ll have access to everything. One great way to ensure you’re using a unique password on each website is to use an app like 1Password to manage them.

Use two-factor authentication. Two-factor authentication boosts your online security by requiring you to enter a time-sensitive code after logging in and before accessing your account. Not all web services offer this extra layer of security, but many do, including Gmail, Facebook, Twitter, and yes, even your Apple ID. You can use an app like Google Authenticator or Authy to manage these codes, or get them via SMS.

Use a passcode or Touch ID on your iOS devices. If you’re not already using Touch ID or a passcode to secure your iOS devices, it’s a good idea to add one. That will prevent malicious users from remotely adding one to lock you out. As noted above, unprotected devices can be remotely locked, while devices secured with a passcode or Touch ID cannot.

Via 9to5mac.com
