A number of Australians woke in the middle of the night to alarms blaring from their iOS device or Apple computer to find a message that read, “Device hacked by Oleg Pliss. For unlock device …” Upon clicking, the users saw the hacker's demand for a ransom, ranging from $50 to $100, according to different users.
The attack doesn’t seem to have spread beyond Australia and New Zealand yet, but it may shatter the belief held by many Apple users that their devices are immune from malicious hackers and malware.
my phone and ipad have been hacked overnight, message on screen says "your device has been hacked by oleg pliss... http://t.co/fFiwPksX7o
— Eva Goes (@Eva53) May 26, 2014
Woken up at 2am by hacked 'Find My iPhone' asking for money, no sleeping after trying to sort that out so at work at 6am: Today will be fun.
— Casey Maree (@_caseymaree_) May 26, 2014
Though malware doesn't appear to be involved, the Oleg Pliss attack looks similar to the Cryptolocker malware that made headlines in October 2013 for encrypting a computer hard drive and demanding a $300 ransom be paid in bitcoin within 100 hours. Cryptolocker affected only Windows computers, but the Oleg Pliss attack shows Apple users that they, too, need to be vigilant about cybersecurity.
Apple (NASDAQ:AAPL) has not yet released a statement on the attack or responded to International Business Times' questions about why only Australian and New Zealand users were affected, but it appears that the hacker used Apple ID usernames and passwords to access iCloud and lock the devices remotely.
Stay Smart Online, a cybersecurity website run by the Australian government’s Department of Broadband, Communications and the Digital Economy, urged all Apple users to change their Apple ID password as soon as possible, even if their devices were not affected.
“Reports by affected users suggest that this attack is possibly the result of hackers compromising the device owner’s Apple ID and using this to access their iCloud account,” Stay Smart Online said. It speculated that the hackers received user information from another data breach and just guessed that Apple users used the same username and password combination on several devices.
“A hacker with access to your Apple ID can potentially lock any device associated with it remotely, they can see data you have stored in iCloud, access your Apple Store purchases and potentially set up two-step verification (also known as two-factor authentication) on your device, locking you out of your phone completely, and even remotely erase your device.”
The hacker provides an email address to send the ransom via PayPal, but a PayPal spokesperson said there is no account associated with the email address provided. The attack could therefore just be a ploy to convince users to give up financial information.
Users who have two-step identity verification, which requires both a password and a code sent to a separate device to unlock the first device, seem to be protected from the attack. Users with a passcode on their device are also able to bypass the lock and reset the device. Apple users not yet affected may want to enact these security protocols in case the attack spreads to other continents. Users can also turn off “Lost Mode” via iCloud to guard against the Oleg Pliss attack.
For users whose phone or computer is compromised, security experts urge them not to give in to the ransom. Apple has methods for bypassing the lock, though they require resetting the device, which would erase all information that isn’t backed up. Stay Smart Online also said that Apple has been able to help some users recover their device.