Dozens of Australians using Apple iDevices received a rude awakening on Monday morning as rumours spread about various devices across the Apple range having been hacked – in fact hi-jacked.
Reported across several media platforms iPad’s, iPhones and Apple Mac’s of Apple users in Queensland, Western Australian, South Australia, Victoria and NSW have been held to ransom.
Users received messages stating that their phone had been hacked and a ransom of between $50 and $100 had been demanded. The message stated that users would regain control of their devices once the required ransom had been paid into a PayPal account.
According to some users they received a ‘passcode’ on their device enabling them to unlock it but some who apparently had not received this passcode remained helplessly off the grid.
One complainant said, “I went to check my phone and there was a message on the screen … saying that my device(s) had been hacked by ‘Oleg Pliss’ and he/she/they demanded $100 USD/EUR (sent by Paypal to lock404@hotmail.com) to return them to me. I have no idea how this has happened.”
While PayPal reacted in saying that the email account used by the hacker does not exist on their system they added that any money paid would be refunded to the victims of this scam.
Affected customers reported the problem to their service providers and some had contacted Apple. Message and complaints boards lit up with messages like;
“Vodafone kept saying ‘iPhone can’t be hacked,’ ” wrote “Shleighbo”, an Apple user.
“Rang Telstra and they said it is an Apple issue,” another said.
Yet another user reported, “The Optus tech support was not helpful.”
While Telstra said they were aware of the reports and had referred the matter to Apple, no comments have yet been received from Apple. Optus have advised affected customers to do the same.
Vodafone’s support centre said that they have not received in queries in this regard.
Troy Hunt, an IT security expert, said in an article published by the website stuff.co.nz that hackers were using compromised login credentials from recent data breaches to access accounts and lock users out.
“It’s quite possible this is occurring by exploiting password reuse. Regardless of how difficult someone believes a password is to guess, if it’s been compromised in another service and exposed in an unencrypted fashion, then it puts every other service where it has been reused at risk.” Said Hunt, adding,” Of course it also suggests that two-factor authentication was likely not used as the password alone wouldn’t have granted the attacker access to the iCloud account.”
On their website Apple has published instructions of how to bypass the passcode should a hacker have set one to their device and should then reset all their passwords.
Once users regain control of their accounts / device, it is recommended they change their passwords.