Hacker hijacks Apple devices remotely, asks for ransom
Posted on 27 May 2014.
An unusual case of cyber extortion has been spotted in Australia: Apple device users in Queensland, NSW, Western Australia, South Australia and Victoria have woken up to messages displayed on their devices saying they have been hacked.

The message says that the hacker is one "Oleg Pliss", and that they should send $50 (or alternatively "$100 USD/EUR") to a PayPal account in order to get their devices unlocked.

So, what happened? And why have only Australian users been targeted?

Well, it seems that no actual malware is involved, and for now the most likely explanation is that the attacker has somehow gotten a hold of the victims' iCloud login credentials and used them to remotely lock their devices with a passcode via the "Find my iPhone" feature.

Users who have been faced with this problem are advised not to pay the ransom and to contact Apple directly to be advised on how to unlock their devices and regain access to their iCloud account.

It's interesting to note that the victims who have set up an access passcode on their devices have seen the ransom message, but are able to regain control of their devices by simply inputting it.

Apple has yet to officially comment on the matter, but a PayPal spokesperson has confirmed that there is no PayPal account linked to the email address given by the hacker, and that the money already sent by the victims will be returned to them.

The curious name used by the attacker is more than likely an alias, but it's interesting that it's also the name of a well-known software engineer working for Oracle.

All in all, I'm inclined to think that this attack is more of a prank than anything else. If you were the attacker, would you give out the email for an existent PayPal account? Or, alternatively, would you use a PayPal account at all?

The question remains how he (or she) managed to get the iCloud account login credentials. My bet is on some Australian service having been hacked and the attacker trying out the harvested login credentials against the iCloud service, relying on the fact that at least some of the users will have used the same ones for both.

