Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Hackers use 'Find My iPhone' to lockout, ransom Mac and iOS device owners in Australia

Message from hacked iMac. | Source: The Age

Owners of Macs and iOS devices in Australia woke up on Tuesday to find their machines locked by Find My iPhone, with the nefarious hackers responsible demanding payment via PayPal before they return control.

A report from Australia's The Age, as well as multiple posts on Apple's Support Communities forum, confirmed a number of device owners were targeted in what appears to be a string of related "digital hijackings." As of this writing, iPhone, iPad and Mac owners in Queensland, New South Wales, Western Australia, South Australia and Victoria have been affected by the attack.

Those targeted in the attack said their devices alerted them to a "Find My iPhone" or "Find My Mac" remote lock, with many receiving an accompanying message reading "Device hacked by Oleg Pliss." The hackers responsible then directed owners to pay up to $100 for a device unlock.

According to reports, the hackers appear to have gained access to users' iCloud accounts as multiple devices show the same message simultaneously. It is unclear how this feat was accomplished, though password reuse is a likely scenario.

Savvy owners who set an access passcode for their computer or iOS device were able to regain control of their device following receipt of the message. Limited by design, Find My iPhone's functionality only allows users to set a password for devices that don't already have one logged.

Those owners who did not set a passcode prior to the hack were reportedly unable to take back their devices. Apple provides a support page that offers a workaround to the issue, though some users may have to contact customer support to completely solve the problem.

Along with protecting an iDevice with a password, owners can set up two-factor authentication, which sends a confirmation code to a trusted device before any account changes can be made.



31 Comments

SpamSandwich 19 Years · 32917 comments

Gotta use that 2-factor authentication, people!

AMcKinlay21 14 Years · 125 comments

Wish I could - but it still hasn't been extended to Belgium...

solipsismx 13 Years · 19562 comments

[quote name="SpamSandwich" url="/t/180116/hackers-use-find-my-iphone-to-lockout-ransom-mac-and-ios-device-owners-in-australia#post_2540111"]Gotta use that 2-factor authentication, people![/quote] And stop using the same password for every site. No matter how complex you think your password is if you use it for more than one account you continually add all those accounts to a pool of easily hacked account as soon as your own set of credentials is known. My gut says they had a "secure" password that they used with different services which is how there iCloud accounts were accessible to this criminals.

AMcKinlay21 14 Years · 125 comments

Quote:
Originally Posted by SolipsismX And stop using the same password for every site. No matter how complex you think your password is if you use it for more than one account you continually add all those accounts to a pool of easily hacked account as soon as your own set of credentials is known.

My gut says they had a "secure" password that they used with different services which is how there iCloud accounts were accessible to this criminals.

I no longer do this - the iCloud Keychain feature, with suggested passwords, in Mavericks/iOS 7 has been a God-send, sorry an Apple-send ;) - even under pain of torture, I have no clue what my passwords are...

en sabah nur 11 Years · 34 comments

Guys, can one of you please tell me in plain old English how to prevent this? My English and understanding of what's written in the article isn't what it's supposed to be. I have a pass code on my phone. Is that sufficient to prevent being hacked? Serious answers or replies please...