Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old May 26, 2014, 11:42 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Hackers Remotely Locking Some Macs and iOS Devices in Australia for Ransom




A number of iOS and Mac users in Australia are reporting a growing issue on Apple's support forums (via The Age) in which hackers are locking iPhones, iPads and Macs remotely through iCloud. Compromised devices are also displaying warning messages offering unlocks for money.

A hacker's message on a compromised iMac (via The Age)
Member veritylikestea on Apple Support Communities:
Quote:
i was using my ipad a short while ago when suddenly it locked itself, and was askiwhich I'd never previously set up. I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR to return them to me.
Member Sei_L on Apple's forums also reports a similar message:
Quote:
Same things here, both Ipads got the "hacked by Oleg Pliss" message, both have passcodes. In Western Australia also. I've chatted with Apple Chat and they said "this is very serious." They've set up a phone call back from the correct department (whoever they are) tomorrow morning so we'll see what happens then. We can access the ipads because they both had passcodes but when an app is used, it comes up with GameCentre password request; we didn't put it in.
IT security expert Troy Hunt commented on the specifics of the issue, stating that the hackers are likely using compromised data exposed from recent security breaches to login to iCloud accounts. Hunt also notes that the accounts hacked were likely not using two-step verification, suggesting that a single password would have not had granted access had the feature been turned on.

Apple has yet to officially comment on the issue, although users are encouraged to turn on two-step verification for their Apple ID with directions available on a support page.

Article Link: Hackers Remotely Locking Some Macs and iOS Devices in Australia for Ransom
MacRumors is offline   0 Reply With Quote
Old May 26, 2014, 11:45 PM   #2
surfingarbo
macrumors member
 
Join Date: Jun 2011
Location: Calgary, AB, Canada
Sigh, I wish my devices were hacked. It would force me to actually go outside and admire real life.
__________________
2013 MacBook Pro 15" | iPad Air | iPhone 5s | 2009 Mac Mini | iPod Nano 5th Generation | iPod Classic 5th Generation
surfingarbo is offline   24 Reply With Quote
Old May 26, 2014, 11:49 PM   #3
somethingelsefl
macrumors 6502
 
Join Date: Dec 2008
Location: Tampa, FL
I setup Apple's 2-step a while back...but why isn't 2-step on ALL Cloud services?
somethingelsefl is offline   3 Reply With Quote
Old May 26, 2014, 11:52 PM   #4
karstas
macrumors regular
 
Join Date: Apr 2014
Emmm what for those countries which isn't supported with Apple iCloud two-step verification? -.-' iCloud keychain sms verification works for my country like Google, Hotmail, dropbox and etc while Apple don't give a ***** about iCloud two-step...shame
karstas is online now   3 Reply With Quote
Old May 26, 2014, 11:57 PM   #5
Ludatyk
macrumors regular
 
Join Date: May 2012
Location: Texas
I'm on the 2-step password verification... but I was under the impression that if I logged under "iCloud.com" to check my email. I would be prompt to have a secondary security check.

But the 2-step password verification only works for appleid.apple.com.. as far as I know. I have 2 step verification with Google, Microsoft & Dropbox and all them have some form of secondary check with their logins.

Is "icloud.com" separate from the 2-step verification?
__________________
-I d0ubt theref0re I might be-
Ludatyk is offline   5 Reply With Quote
Old May 27, 2014, 12:01 AM   #6
haruhiko
macrumors 68030
 
haruhiko's Avatar
 
Join Date: Sep 2009
Using a different password for possibly insecure websites is very important.
__________________
Mac: rMBP'12, iMac'08/24", Mini'09, MBP'10/15", MBA'11/13". iPhone: 5s/64S 5/64B, 4S/64W, 4/32B, 3GS/16. iPT: 3G,1G. iPad: Air,Mini2,4,3/LTE/64 2/3G/32, 1/WiFi/16. ATV'12,'11, AEBS'09, TC'13/2TB
haruhiko is offline   3 Reply With Quote
Old May 27, 2014, 12:03 AM   #7
Cougarcat
macrumors 603
 
Join Date: Sep 2003
Quote:
Originally Posted by Ludatyk View Post
I'm on the 2-step password verification... but I was under the impression that if I logged under "iCloud.com" to check my email. I would be prompt to have a secondary security check.

But the 2-step password verification only works for appleid.apple.com.. as far as I know. I have 2 step verification with Google, Microsoft & Dropbox and all them have some form of secondary check with their logins.

Is "icloud.com" separate from the 2-step verification?
The verification only happens when you set up a new device, you change your account info (i.e log in to applied.apple.com) or when you forget your password.
Cougarcat is offline   0 Reply With Quote
Old May 27, 2014, 12:06 AM   #8
stiligFox
macrumors 6502a
 
stiligFox's Avatar
 
Join Date: Apr 2009
Location: 10.0.1.3
This has me very worried. I'm mostly concerned to see how they got in -- via guessing from a password from another site or from Apple's servers (however unlikely that maybe).

It's late where I am, and when I'm tired I tend to overreact about things, but this makes me think twice about using Keychain/Find My Mac!

This is all the things that's wrong with cloud stuff -- when we have the possibility to loose even 5% of the control over our device, it becomes very insecure. Having my data held for ransom is not on the top of my bucket list...
stiligFox is offline   3 Reply With Quote
Old May 27, 2014, 12:20 AM   #9
BeefJerky
macrumors newbie
 
Join Date: Feb 2014
Location: Australia
This is so nerve wracking. Especially since I live in Australia. I'm not sure what actions that apple can take to rectify this issue, perhaps they will provide a software update?

So really no one is safe, even if you have a password prior to it being hacked?
BeefJerky is offline   2 Reply With Quote
Old May 27, 2014, 12:24 AM   #10
lk400
macrumors 6502
 
Join Date: Aug 2012
Quote:
Originally Posted by haruhiko View Post
Using a different password for possibly insecure websites is very important.
Like ebay? I think that using different passwords for all purposes is important.
lk400 is offline   2 Reply With Quote
Old May 27, 2014, 12:30 AM   #11
CoreForce
macrumors member
 
Join Date: Aug 2003
Location: Zurich, Switzerland
Please be reminded that 2-step verification is available to a very limited number of countries only.
CoreForce is offline   9 Reply With Quote
Old May 27, 2014, 12:47 AM   #12
rmatthewware
macrumors 6502
 
Join Date: Jul 2009
Death penalty for hackers.
rmatthewware is offline   12 Reply With Quote
Old May 27, 2014, 12:50 AM   #13
retroneo
macrumors 6502a
 
Join Date: Apr 2005
Quote:
Originally Posted by Arndroid View Post
The guy puts his name right in the hack. Australia is relatively small. Just drive over to his house.
It's still the sixth largest country in the world.
retroneo is offline   18 Reply With Quote
Old May 27, 2014, 12:58 AM   #14
ChazUK
macrumors 603
 
ChazUK's Avatar
 
Join Date: Feb 2008
Location: Essex (UK)
This article just reminded me to update all of my 2 step authentication details.

2 old phone numbers and various devices I no longer own linked to my account. Luckily I had my master key hand to do so.

All done!
ChazUK is offline   0 Reply With Quote
Old May 27, 2014, 01:14 AM   #15
viizi
macrumors regular
 
Join Date: Dec 2010
it's alright, hackers are usually very negative people which will in turn affect their health they will die off soon enough.
viizi is offline   0 Reply With Quote
Old May 27, 2014, 01:28 AM   #16
lk400
macrumors 6502
 
Join Date: Aug 2012
Quote:
Originally Posted by BeefJerky View Post
This is so nerve wracking. Especially since I live in Australia. I'm not sure what actions that apple can take to rectify this issue, perhaps they will provide a software update?

So really no one is safe, even if you have a password prior to it being hacked?
There have been a few high profile data breaches of (non-apple) sites lately. Most likely that data has been used to do this. No update can fix that. Just change your passowords, use different passwords from different sites, and where possible dont give custom to companies who dont respect your personal data, like ebay.
lk400 is offline   2 Reply With Quote
Old May 27, 2014, 01:31 AM   #17
WallToWallMacs
macrumors regular
 
Join Date: Jan 2014
Maybe it would be best if such idiots didn't have passwords like 'password123' then whine when someone hacks then. Honestly, I wish there was a fine for those idiots who choose stupid passwords and then find themselves hack - $1,000 fine would be a good incentive to stop people from being idiots.
WallToWallMacs is offline   0 Reply With Quote
Old May 27, 2014, 01:32 AM   #18
NitinNike
macrumors member
 
Join Date: Apr 2012
I am afraid that they will have access to all the passwords saved in iCloud Keychain.
My country doesn't have 2-step verification 😩.
NitinNike is offline   0 Reply With Quote
Old May 27, 2014, 01:32 AM   #19
APlotdevice
macrumors 68020
 
APlotdevice's Avatar
 
Join Date: Sep 2011
I think these schmucks should be aquatinted with some of Australia's indigenous fauna as punishment.

Quote:
Originally Posted by thaifood View Post
Australia is geographically about the same size as North America
Not really: NA is 24.3 million square kilometers, whereas Australia is only 7.6 million square kilometers. Now if you meant the continental US, then yes, it is pretty close (e.g. 7.7 million square kilometers (if you only count land)).
__________________
Pebble SmartWatch - iPhone 5c - 11" Macbook Air '13 - TV - HTPC - Numerous Consoles
There is something deeply wrong with a society more offended by breasts than by entrails.

Last edited by APlotdevice; May 27, 2014 at 01:41 AM. Reason: fixed measuring unit error
APlotdevice is offline   1 Reply With Quote
Old May 27, 2014, 01:43 AM   #20
declandio
macrumors 6502
 
Join Date: Apr 2009
Location: London, UK
Quote:
Originally Posted by WallToWallMacs View Post
Maybe it would be best if such idiots didn't have passwords like 'password123' then whine when someone hacks then. Honestly, I wish there was a fine for those idiots who choose stupid passwords and then find themselves hack - $1,000 fine would be a good incentive to stop people from being idiots.
There should also be a fine for presumptuous posts made by idiots who think they're somehow superior to people they know nothing about.
declandio is offline   18 Reply With Quote
Old May 27, 2014, 01:56 AM   #21
Truffy
macrumors 6502a
 
Truffy's Avatar
 
Join Date: May 2005
Location: somewhere outside your window...
So glad I never use iCloud.
__________________
Too much stuff
Not enough stuff
Truffy is offline   11 Reply With Quote
Old May 27, 2014, 01:56 AM   #22
Parasprite
macrumors 65816
 
Parasprite's Avatar
 
Join Date: Mar 2013
Quote:
Originally Posted by .Andy View Post
Checks out on Wikipedia by area as roughly: USA - Alaska = Australia
__________________
Has anyone, anywhere, ever actually used ~/Pictures/iPod Photo Cache/ for anything besides deleting or hiding it?
Parasprite is offline   1 Reply With Quote
Old May 27, 2014, 01:59 AM   #23
thaifood
macrumors 6502
 
Join Date: Jun 2011
Quote:
Originally Posted by APlotdevice View Post
I think these schmucks should be aquatinted with some of Australia's indigenous fauna as punishment.



Not really: NA is 24.3 million square kilometers, whereas Australia is only 7.6 million square kilometers. Now if you meant the continental US, then yes, it is pretty close (e.g. 7.7 million square kilometers (if you only count land)).
Yea, I implied continental US.
thaifood is offline   0 Reply With Quote
Old May 27, 2014, 02:12 AM   #24
7thson
macrumors 6502
 
Join Date: May 2012
Location: Six Rivers, CA
I'd be more freaked out if this was happening in multiple countries. It just being in Australia suggests that the security breach is localized and the victims probably had redundant logins and passwords. We'll see, hopefully. I'm glad I ponied up for 1 Password recently. It's kind of a hassle on iOS but it's worth it.
7thson is offline   1 Reply With Quote
Old May 27, 2014, 02:48 AM   #25
jovada
macrumors member
 
Join Date: Jan 2006
Quote:
Originally Posted by CoreForce View Post
Please be reminded that 2-step verification is available to a very limited number of countries only.
Belgium has no Apple Store and apparentely also no 2-step verification. Come on...
__________________
[jorisvandael.be]
+ jorisvandael.be/weblog (Dutch only)
+ eurobilltracker.eu

jovada is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iPhones hackers now holding devices for ransom through Find My Phone Read more at htt jamezr Alternatives to iOS and iOS Devices 1 May 27, 2014 09:51 AM
SlatePro TechDesk Features Built-In Docks for iOS Devices, Air Vents for Macs MacRumors iOS Blog Discussion 86 Mar 30, 2014 10:44 AM
LaCie Fuel Offers 1 TB Wireless Storage with Hotspot Sharing for iOS Devices and Macs MacRumors iOS Blog Discussion 58 Feb 28, 2014 01:43 AM
Cannot use home sharing from iOS devices but can use from other Macs caspersoong OS X Mavericks (10.9) 0 Feb 21, 2014 06:22 PM
Great/famous things done with Macs/iOS devices jamesjingyi Community Discussion 1 May 29, 2013 10:09 PM

Forum Jump

All times are GMT -5. The time now is 09:16 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC