Australian iPhone Owners Wake Up to Ransomware Threat

| News

Many iPhone and iPad owners in Australia woke up Tuesday morning to an unfriendly site: On screen demands for money to unlock their devices. The warning said their device had been hacked by Oleg Pliss and demanded a US$100 ransom before it would be unlocked so they could use it again.

Australian iPhone owners face locked devices, ransom headacheAustralian iPhone owners face locked devices, ransom headache

The attackers changed victim's iPhone and iPad passcodes, or if they hadn't set one up, added a code to their devices, effectively locking them out. The threat is shrouded in mystery because there isn't any hint as to who is behind the scheme, or how it was implemented.

So far, companies like the security research firm Sophos have only been able to speculate as to how the attackers gained access to victim's iPhones and iPads because there isn't any malware involved. What seems likely is that the people behind the Oleg Pliss attack found the iCloud account passwords they needed in data that was stolen by hackers in other data breaches, like the ones that recently hit Adobe and eBay. Since many people reuse their passwords across multiple sites and services, the Oleg Pliss attackers only needed to try the user name and password combos they retrieved against iCloud accounts.

Considering the attack seems localized to Australia and New Zealand, however, it's possible the victims were tricked by a Man in the Middle attack where attackers set up a server that masqueraded as a legit site users regularly visited. Once there, victims enter their user name and password -- just as they would on the the real site -- only to have it stolen by the attackers. If that's the case, the scheme to gather passwords was probably limited to faking some service local to Australia and New Zealand.

The attack wasn't focused on jailbroken devices, so that mostly eliminates the possibility of trojan horse iOS apps, too.

The ransom demand came with its own mystery, as well. The PayPal account victims were instructed to pay to doesn't seem to exist, so the attackers don't have any way to actually collect the money they're demanding.

Some victims have been able to reset their passcode themselves, while others have needed help from Apple to regain access to their hijacked devices.

Assuming the attack was based on stolen login credentials, using unique passwords on every site or online account most likely would have protected the victims. Apple's two-factor authentication system would've protected victims, too, since attackers wouldn't have been able to change account passwords and passcodes without the victim's permission.

Security researchers, and no doubt Apple, have been working to unravel this mystery but so far don't have much to go on. If you live in Australia or New Zealand, changing your iCloud password now is a good idea since that will have the highest likelihood right now of protecting you from the Oleg Pliss ransom crew.

The Mac Observer Spin The Mac Observer Spin is how we show you what our authors think about a news story at quick glance. Read More →

This doesn't look like a security flaw in iOS for the iPhone and iPad, but instead seems to be some other attack that involves account user names and passwords stolen from somewhere else. Those login credentials may have come from data breaches at other companies, or through some server spoofing attack. Changing your iCloud password seems to be the easiest way to protect yourself for now.

Popular TMO Stories



Not many, 1 reported case. The title implies many yet at the end only 1 iPhone was reportedly hacked or account was hacked or something. This story headline is FUD as it implies thousands and yet only 1 is actually reported.
Sensationalism making a mountain out of a molehill.



This story headline is FUD as it implies thousands and yet only 1 is actually reported.

Wrong. Only 1 case was reported to the Australian Competition and Consumer Commission, but that doesn’t mean only 1 case has happened. According to the Sydney Morning Herald:

iPad, iPhone and Mac owners in Queensland, NSW, Western Australia, South Australia and Victoria have reported having their devices held hostage.

Jeff Gamet

Apple’s own forums have more than one person saying they were hit with this, too.

Lee Dronick

From what I read in the Sydney Morning Herald article it dozens of iPhones, how many dozen is not yet known.

A criminal could set up a web site that would attract iPhone users and then use the email, login and password to try and hijack the iPhones. Or perhaps just take the @icloud addresses from a nefariously run website.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account