Apple users have reported attacks by hackers who lock people out of their devices, and demand ransom payments to restore access.
The Australian Government’s Stay Smart Online website has released advice to Apple users, encouraging them to change their Apple ID passwords immediately, with the alert priority listed as ‘high’.
The attacks have predominantly occurred in Australia, but there are now reports of the same hacker or group of hackers also targeting users in New Zealand and the US.
“At present many users are reporting that their phones or systems lock unexpectedly, they receive an email from ‘Find My iPhone’ and a message on their screen stating that their device has been, ‘Hacked by Oleg Pliss’. The message said that to unlock their device they should pay a ransom via PayPal, emailing the payment code to lock404[a]hotmail.com,” Stay Smart Online states.
Currently there is only speculation about how the attacks have been carried out. Apple has not yet responded officially.
It is not confirmed if or how these Apple IDs and passwords were accessed, but suggestions include that hackers may be simply reusing information they may have discovered during a breach of other online services. Unfortunately, many people still commonly reuse the same password for many of their online accounts.
Importantly, Stay Smart Online is advising any users who are hacked not to pay the ransom, and for users to contact Apple directly for more information. Apple has been able to help affected users recover their devices.
David Harley, ESET Senior Research Fellow, said that based on what is known, it is extremely unlikely that Apple itself has been hacked or suffered a vulnerability.
“A far more likely scenario would be that Australian and New Zealand consumers have been targeted by exploiting password reuse – where malicious hackers obtain password and ID credentials in some type of data breach or phishing attack and then reuse them to gain access to other accounts.
“Regardless of the root cause, the most important preventative measure is to enable Apple’s 2-factor authentication for Apple ID credentials. As far as our malware research team can ascertain, no-one in Australia or New Zealand who’s activated 2-factor authentication has received the ransom demand alert,” Harley added.
“Essentially, this allows you to authenticate using a password, a 4-digit PIN (verification code) texted to a trusted device at each login, and also generates a 14-digit recovery for emergency. This might also be a good time to change your Apple ID password and ensure that you’re not re-using a password that might have been compromised from another service,” Harley said.
Image: pio3 / Shutterstock.com
