or Connect
AppleInsider › Forums › General › General Discussion › Hackers use 'Find My iPhone' to lockout, ransom Mac and iOS device owners in Australia
New Posts  All Forums:Forum Nav:

Hackers use 'Find My iPhone' to lockout, ransom Mac and iOS device owners in Australia

post #1 of 32
Thread Starter 
Owners of Macs and iOS devices in Australia woke up on Tuesday to find their machines locked by Find My iPhone, with the nefarious hackers responsible demanding payment via PayPal before they return control.


Message from hacked iMac. | Source: The Age


A report from Australia's The Age, as well as multiple posts on Apple's Support Communities forum, confirmed a number of device owners were targeted in what appears to be a string of related "digital hijackings." As of this writing, iPhone, iPad and Mac owners in Queensland, New South Wales, Western Australia, South Australia and Victoria have been affected by the attack.

Those targeted in the attack said their devices alerted them to a "Find My iPhone" or "Find My Mac" remote lock, with many receiving an accompanying message reading "Device hacked by Oleg Pliss." The hackers responsible then directed owners to pay up to $100 for a device unlock.

According to reports, the hackers appear to have gained access to users' iCloud accounts as multiple devices show the same message simultaneously. It is unclear how this feat was accomplished, though password reuse is a likely scenario.

Savvy owners who set an access passcode for their computer or iOS device were able to regain control of their device following receipt of the message. Limited by design, Find My iPhone's functionality only allows users to set a password for devices that don't already have one logged.

Those owners who did not set a passcode prior to the hack were reportedly unable to take back their devices. Apple provides a support page that offers a workaround to the issue, though some users may have to contact customer support to completely solve the problem.

Along with protecting an iDevice with a password, owners can set up two-factor authentication, which sends a confirmation code to a trusted device before any account changes can be made.
post #2 of 32
Gotta use that 2-factor authentication, people!

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #3 of 32
Wish I could - but it still hasn't been extended to Belgium...
post #4 of 32
Quote:
Originally Posted by SpamSandwich View Post

Gotta use that 2-factor authentication, people!

And stop using the same password for every site. No matter how complex you think your password is if you use it for more than one account you continually add all those accounts to a pool of easily hacked account as soon as your own set of credentials is known.

My gut says they had a "secure" password that they used with different services which is how there iCloud accounts were accessible to this criminals.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #5 of 32
Quote:
Originally Posted by SolipsismX View Post


And stop using the same password for every site. No matter how complex you think your password is if you use it for more than one account you continually add all those accounts to a pool of easily hacked account as soon as your own set of credentials is known.

My gut says they had a "secure" password that they used with different services which is how there iCloud accounts were accessible to this criminals.

I no longer do this - the iCloud Keychain feature, with suggested passwords, in Mavericks/iOS 7 has been a God-send, sorry an Apple-send ;) - even under pain of torture, I have no clue what my passwords are...

post #6 of 32
Guys, can one of you please tell me in plain old English how to prevent this? My English and understanding of what's written in the article isn't what it's supposed to be. I have a pass code on my phone. Is that sufficient to prevent being hacked? Serious answers or replies please...
post #7 of 32
Quote:
Originally Posted by En Sabah Nur View Post

Guys, can one of you please tell me in plain old English how to prevent this? My English and understanding of what's written in the article isn't what it's supposed to be. I have a pass code on my phone. Is that sufficient to prevent being hacked? Serious answers or replies please...

This was unauthorized access to a user's iCloud account. That username and password can be used to lock,erase or put a message on your iPhone if you have Find My iPhone enabled. iCloud is what they gained access to, not the iPhone directly. They had their password so they changed their password on iCloud, which prevented them from accessing it again, which also prevents emails, iMessages, FaceTime, and even iTunes Store account from working.

1) You need to go to the site below and set up 2-step authentication.

2) You need to make sure you don't use your iCloud password with any other sites.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #8 of 32
Quote:
Originally Posted by SolipsismX View Post

This was unauthorized access to a user's iCloud account. That username and password can be used to lock,erase or put a message on your iPhone if you have Find My iPhone enabled. iCloud is what they gained access to, not the iPhone directly. They had their password so they changed their password on iCloud, which prevented them from accessing it again, which also prevents emails, iMessages, FaceTime, and even iTunes Store account from working.

1) You need to go to the site below and set up 2-step authentication.

2) You need to make sure you don't use your iCloud password with any other sites.


Thanks SolipsismX!! Reading the article I got really worried and concerned considering I have very limited understanding of all this tech stuff.
post #9 of 32

Two step authentication is not changing anything. The apple discussion forum thread  show there have  been cases today where the password has been changed by apple and then the devices re locked. Something bigger is going on and its localised to Australia. 

Heaps of 68K and PPC Macs. Macbook Pro 13 Inch 2012. iPad 2. iPhone 4. 

Reply

Heaps of 68K and PPC Macs. Macbook Pro 13 Inch 2012. iPad 2. iPhone 4. 

Reply
post #10 of 32
Quote:
Originally Posted by oldmacs View Post
 

Two step authentication is not changing anything. The apple discussion forum thread  show there have  been cases today where the password has been changed by apple and then the devices re locked. Something bigger is going on and its localised to Australia. 

What me worry. It just works and Apple is secure as fort Knox isn't it ?

post #11 of 32

My Ebay password was different to my iCloud password.

 

That could explain why I wasn't affected.

 

I also password lock all my devices and use multiple email accounts.

 

Strange that it's only happening here in Australia.

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #12 of 32
It will spread, dont worry.
Shame to Apple there is no two-factor auth in all EU countries.
post #13 of 32

We are a European Union after all, are we not. I know that we don't yet have the Digital Single Market, nevertheless it shouldn't be to difficult to approve more EU carriers for the SMS facility that is tied to 2-step authentication? Or am I missing something...

post #14 of 32
Quote:
Originally Posted by ombra2105 View Post
 

We are a European Union after all, are we not. I know that we don't yet have the Digital Single Market, nevertheless it shouldn't be to difficult to approve more EU carriers for the SMS facility that is tied to 2-step authentication? Or am I missing something...

It doesn't have anything to do with politics unless I am very mistaken. Apple is a US company and the rest of the world is not firmly in their crosshairs.

post #15 of 32
Quote:
Originally Posted by Taniwha View Post
 

It doesn't have anything to do with politics unless I am very mistaken. Apple is a US company and the rest of the world is not firmly in their crosshairs.

 

You're absolutely right that it has nothing to do with politics, it was more of a general comment on the disparity in terms of availaibility of Apple's online services throughout the EU.

post #16 of 32
Quote:
Originally Posted by ombra2105 View Post
 
Quote:
Originally Posted by Taniwha View Post
 

It doesn't have anything to do with politics unless I am very mistaken. Apple is a US company and the rest of the world is not firmly in their crosshairs.

 

You're absolutely right that it has nothing to do with politics, it was more of a general comment on the disparity in terms of availaibility of Apple's online services throughout the EU.

But then it seems that whatever policy Apple follows (and I don't think anybody really knows what that might be) to determine which services will be made available, is treated on a country-by-country basis. I don't think Apple regards the EU as a unit, which is actually quite understandable in regard to the national laws,regulations and customs/culture that Apple has to deal with. Also I think that there are often copyright and licensing or contractual arrangements with Carriers/ISPs that probably are not negotiated EU wide. I dunno, but it looks like that is the case.

post #17 of 32

I've not been affected as I live in the UK.

 

However, I've just enabled two-step authentication anyway... ;)

post #18 of 32
Quote:
Originally Posted by Taniwha View Post
 

It doesn't have anything to do with politics unless I am very mistaken. Apple is a US company and the rest of the world is not firmly in their crosshairs.

 

Yay, Australia, all the way with LBJ, is really paying off.

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #19 of 32
The weakest link will always be the human element.
post #20 of 32
Quote:
Originally Posted by ombra2105 View Post
 

I no longer do this - the iCloud Keychain feature, with suggested passwords, in Mavericks/iOS 7 has been a God-send, sorry an Apple-send ;) - even under pain of torture, I have no clue what my passwords are...

I would love to except I can't use it on Windows, which is my primary machine I use at home.  

post #21 of 32

1 total case reported doesn't make this a story people. Just 1 person reported this. This is sensationalism from whomever wrote this.

Make sure your password is decent and move along people, nothing to see here.

post #22 of 32
Quote:
Originally Posted by b9bot View Post

1 total case reported doesn't make this a story people. Just 1 person reported this. This is sensationalism from whomever wrote this.
Make sure your password is decent and move along people, nothing to see here.

Umm, it's being reported by more than one person.
https://discussions.apple.com/thread/6270410?start=0&tstart=0
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #23 of 32

Every single day hundreds of people get their bank accounts hacked because someone got their user ID and password and proceeded to transferred money out. Several billion dollars worth.

 

Yet where are the news reports when this happens? I guess if the person doesn't have "Jobs" or "Apple" in their name, it's not newsworthy. But a small number of people lose their Apple ID and suddenly it's front page news.

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #24 of 32
Quote:
Originally Posted by oldmacs View Post

Two step authentication is not changing anything. The apple discussion forum thread  show there have  been cases today where the password has been changed by apple and then the devices re locked. Something bigger is going on and its localised to Australia. 

Password was more than likely changed by the hackers not Apple. The victims are likely reusing passwords so they get phished on say Facebook and that's their iCloud also. Hackers remote lock phone to force a DFU and change iCloud to activation lock the phone. With luck they find someone using the same password for email also so they can change that and really mess folks up

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply
post #25 of 32

A big corporation like Apple should have a SWAT style security team, a rapid response assault team, ready to go anywhere on the planet and hunt down any hackers that are a threat to Apple and its' users and either apprehend them or eliminate them, based on the circumstances.

 

Yeah, I know it's probably not exactly legal, I was just saying what I wish that Apple had.

post #26 of 32
Quote:
Originally Posted by charlituna View Post

The victims are likely reusing passwords so they get phished on say Facebook and that's their iCloud also. 

 

If that's the case, then those users are morons. That's like security 101, never use the same damn password across multiple sites. Neither Apple or anybody else can be held responsible for the actions of morons.

 

If somebody forgets to lock the door to their house, then whose fault is that?

post #27 of 32
Quote:
Originally Posted by Taniwha View Post
 

What me worry. It just works and Apple is secure as fort Knox isn't it ?

No one know what 

Quote:
Originally Posted by Taniwha View Post
 

What me worry. It just works and Apple is secure as fort Knox isn't it ?

 

I believe even Fort Knox has locks but if someone refuse to lock his whatever can you blame Apple.

post #28 of 32
Quote:
Originally Posted by Apple ][ View Post

If that's the case, then those users are morons. That's like security 101, never use the same damn password across multiple sites. Neither Apple or anybody else can be held responsible for the actions of morons.

If somebody forgets to lock the door to their house, then whose fault is that?
I use the same email and password on lots of sites EXCEPT a few important ones like Apple, my bank and credit cards and my personal email account. I don't care if someone gets my password for an online forum or other site (like AI).

The problem is a lot of people don't treat their accounts differently and use the same lax procedures/passwords for ALL their accounts.

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #29 of 32

I'm next door to Australia here in New Zealand.

 

Hasn't happened here yet. In the process of two-factor authentication though. Have to wait for three days for it to start though.

post #30 of 32
Quote:
Originally Posted by SolipsismX View Post


And stop using the same password for every site. No matter how complex you think your password is if you use it for more than one account you continually add all those accounts to a pool of easily hacked account as soon as your own set of credentials is known.

My gut says they had a "secure" password that they used with different services which is how there iCloud accounts were accessible to this criminals.

And make sure the do the basic thing: Turn The Pass Code On. Hacker cannot change you unlock passcode unless you never have it on. Gosh, why are there lots of dumb people?

post #31 of 32
Quote:
Originally Posted by jungmark View Post

The weakest link will always be the human element.

Except for those times when it isn't.
Post from mstone to Benjamin Frost - "Perhaps that explains your lack of mental capacity. If I was your brother, I probably would have repeatedly smashed the side of your head with a cricket bat."
Reply
Post from mstone to Benjamin Frost - "Perhaps that explains your lack of mental capacity. If I was your brother, I probably would have repeatedly smashed the side of your head with a cricket bat."
Reply
post #32 of 32
Quote:
Originally Posted by EricTheHalfBee View Post

Quote:
Originally Posted by Apple ][ View Post

If that's the case, then those users are morons. That's like security 101, never use the same damn password across multiple sites. Neither Apple or anybody else can be held responsible for the actions of morons.

If somebody forgets to lock the door to their house, then whose fault is that?
I use the same email and password on lots of sites EXCEPT a few important ones like Apple, my bank and credit cards and my personal email account. I don't care if someone gets my password for an online forum or other site (like AI).

The problem is a lot of people don't treat their accounts differently and use the same lax procedures/passwords for ALL their accounts.

Yes; I think that the important thing is to make sure that your Apple ID is unique.
Post from mstone to Benjamin Frost - "Perhaps that explains your lack of mental capacity. If I was your brother, I probably would have repeatedly smashed the side of your head with a cricket bat."
Reply
Post from mstone to Benjamin Frost - "Perhaps that explains your lack of mental capacity. If I was your brother, I probably would have repeatedly smashed the side of your head with a cricket bat."
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Hackers use 'Find My iPhone' to lockout, ransom Mac and iOS device owners in Australia