A number of iPhone users from down under, also known as Australia, would have been startled by a message on their screens this week. It read: “Hacked by Oleg Pliss. For unlock device YOU NEED send voucher code by 100 $/eur one of this (Moneypack/Ukash/PaySafeCard) to [email protected].”
No doubt the first reaction would have been disgust at such appalling grammar. This would have likely been followed by a “WTF?” moment. Some hit the forums to share their panic, yet few could say how these attacks had taken place. Had an iCloud server been hacked, as some suggested? Apple said no.
What appears to have happened is that Oleg, if that is his real name (of course it isn’t), managed to hack into people’s iCloud accounts and used the Find My iPhone feature to lock people out of their devices.
Australian security expert and all-round good guy Troy Hunt explained it well in his blog post on the issue affecting his fellow countrymen. He noted that as soon as a hacker can get into an iCloud account, they can put the phone into ‘Lost Mode’. They can then set up a PIN for the related devices, which locks the user out.
Then they can leave a message for the user. In this case it was the ransom note from our Oleg. They can even irritate the victim by initiating the “Play Sound” button, so the phone starts making LOUD NOISES. Apparently some of those noises woke up the affected Aussies.
Fairly simple, eh? It’s a clever take on ransomware - a malicious program that locks people out of their devices, sometimes encrypting all the files on the machine, and asks for payment for decryption.
The big question now is: how did Oleg get into people’s iCloud accounts in the first place? Hunt suggested a number of potential methods.
The first was that the hacker had access to people’s passwords for other breached services. Perhaps they had access to the credentials leaked from the eBay attack from earlier this month. But Hunt didn’t think this likely. “But it could be a breach of a local service containing predominantly Australian users,” he added.
The hacker may have gained access to victims’ email accounts beforehand and used a password reset for their Apple IDs.
Possibly the most likely answer to the riddle of how Oleg initiated his attack is phishing. He simply tricked people into handing over their passwords via email, or a fake website.
I received a couple of messages purporting to be from Apple this week. The most convincing of the two told me my Apple ID had been used on an iPhone 4. But I don’t own an iPhone 4! Someone must be hacking me! Obviously I wasn’t going to fall for the trick and click on a link to “verify” my account. The email wasn’t even from anything that resembled an Apple domain. Idiots.
Anyway, if you are affected by Oleg’s attack, or similar issues, here’s some good advice from Hunt, with some sensible caveats: “One way around this is to simply restore from a backup via iTunes. Of course that’s dependent on you actually having a backup in iTunes and indeed Apple have regularly promoted backing up to iCloud as a preferable mechanism (remember, this is apparently the “post-PC” era).
“But even if there is a backup, there’s the question of how recent it is – have you possibly just lost a week of kid photos? A month? A year?
“If you were backing up to iCloud then you can always restore from there. Of course that’s also dependent on actually being able to access iCloud in the first place, you know, the place the attacker already controls!
“If he’s elected to change the password (and so far I’ve not seen a report of that in this recent spate of incidents), then you might be in for a password recovery process assuming they haven’t also compromised your ability to do that. Oh – and of course all this assumes that they haven’t deleted the device backups from iCloud altogether.”
If your iCloud account does get hacked, good luck with that.
by pbriden via Featured Articles