A mysterious new scam has emerged targeting Antipodean iPhone, iPad and iMac users by locking their devices via “Find My iPhone” technology and holding them to ransom.
Users from Down Under have flooded the Apple support forum in search of answers after they found their device locked with a message on the screen that it had been “hacked by Oleg Pliss” and that it would take a PayPal money transfer to rectify.
It’s still unclear how the attackers managed to lock the accounts in question, or why those affected seem to be limited to a specific geographic region.
However, one common theory is that the hackers managed to access Apple accounts because certain users shared the same credentials across multiple accounts, some of which may have been exposed in the past.
Apple seems to be hinting at this with the following statement:
“Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."
Security researcher Graham Cluley advised Apple users to switch on two-factor authentication.
“Two-factor authentication (sometimes called two-step verification) makes life much harder for hackers attempting to hijack control of your accounts and devices, as it means they require more than just your username and password,” he wrote on the Intego Mac Security Blog. “They also need a one-time password (OTP) that is sent to your device itself.”
Cluley recommended affected users erase their device using Recovery Mode and restore from a backup by connecting to iTunes.
Paco Hope, principal consultant at app security consultancy Cigital, also pointed to user error in sharing the same access credentials across multiple accounts.
“It is high time for services and applications to promote password diversity by reminding people not to reuse a password from another site,” he added.
“Likewise, more operating environments need to adopt secure keychains, storage, or other features that are integrated by default and help the user do the right thing.”