Hackers using Find My iPhone feature to hold Apple devices for ransom

Justin Kahn

Posts: 752   +6

hackers find iphone apple find my iphone ransom oleg pliss hostage

There have been a number of Australian iPhone, iPad and Mac users getting their devices hacked, according to reports. Based on discussions from the Apple forums, it appears hackers are locking out users from their own devices via the Find My iPhone feature.

The hackers are able to send the affected users messages and, in some cases, are demanding $50 and $100 payments sent to a PayPal account in order to unlock the devices. One user received a message on an iMac saying "Device hacked by Oleg Pliss." Most individuals targeted report that all of the Apple devices they own have been hacked as opposed to just a single one.

hackers find iphone apple find my iphone ransom oleg pliss hostage

Based on reports it appears that due to the fact that the attacks are coming through Find My iPhone, they are more likely a login info vulnerability than malware or something of that nature. It has been suggested that the hackers may have accessed the iCloud accounts via leaked email passwords and then exploited users who reused that login info for their Apple ID. Some users were able to regain access of their devices because they had already set a passcode. Find My iPhone can only create a passcode if there isn't one already set, not change it. A passcode can only be changed from directly on the device.

Those targeted should get in touch with Apple right away to find some kind of workaround. Many are advising to ensure two-step verification is enabled where possible, not use the same passwords for different accounts and to reset iCloud passwords when possible.

Permalink to story.

 
But...but...wait, the genius at the apple store said the apple products can't get hacked and can't get viruses??? have they been lying to us all these years??!?!?!


**please note the heavy amount of sarcasm included with this post**
 
To those that don't know (the guy above me in this thread): this isn't hacking and its not a virus. The persons affected have been fished for their apple ID. With this apple ID, they simply log on to the findmyphone link on apples site and say LOCK PHONE with their username and password.
 
I don't think the Apple guys are claiming they are virus free. I do think they're claiming that it is significantly less than Windows which is true. And I'm sure it's less than Android as well. Apple has lower market share so there is definitely bigger fish out there. Nevertheless, if their market share continues to increase, they will be targeted more.
 
Another reason NOT to use an iPhone. The first is their price, the second is my unwillingness to support a 'smug' company. The third is their general ugliness and lack of usefulness.

This is the forth reason, at least.
 
This is so funny to me. I feel bad for those who have been effected by this. But the fact that any device can be locked down by use of any features is plain laughable. Next stop is reading about hackers exploiting kill switches. Kill switches are such a pathetic idea but they are coming.
 
This is so funny to me. I feel bad for those who have been effected by this. But the fact that any device can be locked down by use of any features is plain laughable. Next stop is reading about hackers exploiting kill switches. Kill switches are such a pathetic idea but they are coming.

Yep. That is one feature that will deter me from getting any device with it. I can see the need for it but the risks simply aren't justifiable.
 
I don't see why kill switches are a problem if the technology backing them up is robust. If someone thinks "If I steal that phone, its going to be a worthless piece of metal an hour after I take it" then they might not bother taking it, unless the market for replacement screens and parts becomes a hotbed of criminal activity (it might already be, I don't know).

The problem uncovered here for me is that the apple ID password is the only requirement for access to a whole load of information. iCloud keychain, App Store purchases, findmyphone, iCloud email etc etc etc.

So if someone steals someones apple ID (which can't be harder in some cases than scanning the latest adobe leak and testing out usernames vs common passwords) they can then get an iPhone or iPad, log into it with that apple ID, install an iCloud backup (private notes, iMessages, loads of other stuff) and access any sites they have stored credentials in their iCloud keychain.

Thats a mother of a security issue and I imagine that most apple ID passwords are pretty simple (not 16 character etc) as they are needed to authenticate in-app purchases and download free apps on the App Store, a sometimes daily occurrence for a lot of iPhone users. the appleID password needs to be separate and use proper 2 factor authentication especially for features like findmyphone, and downloading iCloud backups to new devices.
 
Back