iPhone and iPad Users Held to Ransom by Hacker in Australia
Update: Apple says iCloud security breach not to blame
Apple customers in Australia have found themselves locked out of their iPhones, iPads and Mac computers as a hacker holds them to ransom.
Multiple Apple customers in Australia have reported their iPhone, iPad and Mac computers being remotely locked before a message appears demanding a ransom be paid to unlock the devices again.
The hacker, who goes by the name Oleg Pliss, appears to have gained access to a database which contains Australian Apple users' account information, as almost all the reported incidents which have taken place so far are in Australia.
While most of the reports have been limited to Australia and some in New Zealand, there has also been a report from one UK user who has experienced the same issues.
On Apple's Support Forum, user Werewabbit said: "I live in the UK and this has also happened to me yesterday. Very worrying. And not a peep from Apple yet. I have managed to change all my account details and passwords, but just feels worrying."
iCloud
Owners of multiple Apple products have reported that all devices associated with their iCloud account have been disabled at the same time, indicating that the attacker uses the account credentials together with Apple's Find my Device feature to lock the devices, rather than needing to have malware installed on each device.
IBTimes UK has contacted Apple about the attacks and their source, but the company has yet to comment on the issue.
It is unclear whether the attacker gained access to a database of account information relating to Apple customers specifically or if they are using credentials stolen in another attack in the hope people have used the same email address and password combination for their iPhone account.
It means that the attack could be making up of one of the numerous security breaches reported on a daily basis where companies customer account information is compromised - with the attack on eBay reported last week being the latest high-profile incident.
Find my iPhone
The attacker is able to lock the phone by accessing Apple's Find my Device service available for iPhone, iPad, iPod touch and Mac computers.
The feature is a security measure designed to allow people who lose or have their devices stolen to remotely lock them to prevent anyone accessing their contents.
Those users who have set a passcode for their iPhone or iPad will be able to regain access however, and reset their iCloud account with a new password.
Those who have not set a passcode on their mobile devices are currently unable to regain access to their devices.
The messages which appear on the locked phones direct owners to send between $50 and $100 to a PayPal account associated with lock404@hotmail.com - though according to PayPal, no such account exists.
This latest attack is just another indication of why you should not use the same password/username credentials on multiple accounts, and why many believe the password system we use today is outdated.
If you haven't don't so already, it is highly advisable that you should set a passcode for your iPhone or iPad to add an extra layer of security.
© Copyright IBTimes 2024. All rights reserved.