Apple device hijacking spreads to US as Aussies urged to change passwords

Ben Grubb

Video: Apple ID hack: how to protect yourself. Step-by-step guide to prevent hackers from accessing your iCloud password.

Apple device owners who have iCloud accounts are being told to change their passwords by Australian authorities in the wake of a hijacking attack that appears to have spread to the US.

The Australian government's Stay Smart Online service and the NSW Police have both issued warnings to Apple users, which state that as a precaution they should change their passwords.

"With the possibility that this attack is linked to your 'Apple ID', affected users are advised to change [their] Apple ID password as soon as possible," Stay Smart Online wrote in an advisory. "Users not affected may also consider changing their Apple ID password as a precaution."

iCloud users are being urged to change their passwords.

"The best course of action is to change your Apple ID password ASAP," NSW Police said.

Meanwhile, Apple issued a statement to Fairfax Media on Wednesday stating its iCloud service had not been hacked, but that impacted users should "change their Apple ID password as soon as possible and avoid using the same username and password for multiple services".

Any users who needed additional help were advised to contact AppleCare or visit an Apple store.

The attacks, which were initially only impacting device owners in Australia, involve a hacker logging in to Apple iCloud accounts and using the lost device feature to lock users out. A message then demands a ransom of between $US50 and $US100 for the device to be unlocked.

If a passcode was set on the device - be it an iPhone, iPad, iPod Touch or Mac - the user could simply enter it, change their iCloud password and avoid having to deal with the ransom. But if no passcode was set, Apple device owners reported having to erase their entire phone or device. If a back-up existed, this could then be used to restore it to when it was last backed up.

The issue appears to stem from the hacker making use of credentials from a previous data breach at an unknown company. Apple's statement alludes to this - by stating that customers should use different passwords across their online accounts - but does not confirm it.

As is often the case after a data breach, hackers sift through the data looking for information they can use to break into users' other online accounts. And because users often use the same password across multiple online accounts and don't change them, hackers can often get in.

Up until the last few days, the majority of attacked devices were reported to be in Australia, but according to Apple’s support thread, a number of victims have begun to be attacked in the US.

"I'm in the US. Never been to Australia. Hacked last night…," one user wrote.

"Currently restoring to try and get back online," they added.

Former Victoria Police superintendent Tony Warren was one of the higher-profile targets hit. He told Fairfax Radio he was startled in the middle of the night by the hackers infiltrating his iPad.

"Basically the message was that I had been hacked by Oleg Pliss, was the name given, to contact him on a telephone number... and pay $50 to unlock my iPhone and iPad," Warren said.

It is likely hackers are using the unusual name as a front to get money from people. A real Oleg Pliss is a software engineer at tech company Oracle.

Contacted by Fairfax, Mr Pliss said he was not a hacker.

"I have never hacked any Apple device," he said.

"I am not aware that my name is being used. But there could be other person with the same name."

A similar name is listed on LinkedIn as a banking professional in Ukraine, while there are others in Russia.

Sydney Apple user Susan Walker told Fairfax she lost everything on her iPhone due to the hijacking.

"As I did not have a password on my phone the phone was blocked [from being used]," she said.

"I spent [Wednesday] at the Apple Genius bar having my phone reinstalled. All information (outside my iTunes backup) was lost. I now have a password installed on my iPhone!

"It was awful!"

She said the Castle Hill Apple store she went to "knew nothing" about the issue.

"At no point did I consider paying this scum!" she added, referring to the hacker.

Jayne Cho, an Australian living in South Korea, said her iPhone and iPad were targeted.

"I was woken at 2am with both my iPhone and iPad screaming an alarm and presenting the … message about the device being hacked by Oleg Pliss," she said.

Peta Santoro in Perth was one of the luckier ones who had a passcode set on his device, meaning that he could ignore the hacker's message just by logging in with his passcode.

"My iPhone was protected with a passcode so I was one of the people who were able to still unlock their phones," he said. "My password was one which I used across a number of different websites so I've learnt my lesson and will be allocating different passwords to everything."

When contacted, Australia's three big telcos - Telstra, Vodafone and Optus - referred the matter to Apple. Telstra was the only one to acknowledge the issue in a statement to Fairfax.

"We're aware of the reports and we’ve referred the matter to Apple," Telstra said.

"In the meantime customers who need assistance can contact AppleCare."

In addition to changing passwords, IT security experts have recommended Apple users enable "two-factor authentication" on their accounts if they don't already have it by visiting: http://support.apple.com/kb/ht5570. This acts as a second layer of security by making users have to enter a code that is sent to their mobile device before they are granted access to their account. They should also set a passcode on their iPhones and tablets or passwords on their Macs.

How to change your Apple ID/iCloud password:

  1. Go to My Apple ID (appleid.apple.com).
  2. Click "Manage your Apple ID" and sign in.
  3. If you have two-step verification turned on, you'll be asked to send a verification code to the trusted device associated with your Apple ID. If you're unable to receive messages at your trusted device, follow the guidelines for what to do if you can't sign in with two-step verification.
  4. Click "Password and Security".
  5. In the "Choose a new password" section, click Change Password. 
  6. Enter your old password, then enter a new password and confirm the new password. Click Save when done.

Source: Apple

77 comments so far

  • WHY!? Does anyone think Apple is not providing us with an actual mechanism of an attack, but instead is loosely theorizing that people used the same pass codes as other accounts?? Maybe, as has been revealed at white hat conventions, maybe WiFi listeners have picked up the pass codes as people logged in from their devices to such direct services as iCloud? I know for a fact that this is possible, the software to listen in on the log in transaction from both Android AND the Apple i products is freely available online... why isn't Apple cautioning their user base that there is a major security flaw in the way they do authentication, and it's a local flaw... not that people use pass codes over and over. Why don't they run a survey amongst the claimants to show this suggested failure, ask people whether they used the same pass codes for their iCloud as for other services... you know... do some work!?

    Commenter
    jonaD
    Date and time
    May 29, 2014, 7:12AM
    • Why do you think they haven't done exactly that? It's reasonably difficult to collate sporadic global reports and get reliable info as to what is happening. Most accounts I've read point to the Apple login account being guessed (obtained) and then the phone locking ability being activated.

      It's a simple and likely explanation and also has a simple solution that can be quickly communicated to all users. I'd much rather that than some "We're working on it..." non answer.

      Commenter
      Peter
      Location
      Oz
      Date and time
      May 29, 2014, 8:55AM
    • Hackers are only wrecking their own world by hacking, until the entity tightens right up or until those people grow up. Thankfully most hackers are wannabes or what we called script kiddies using ready made programs, I have the unorthodox skills to hack but it is a waste of skills doing so and unethical, used to get global hackers globally come to challenge me in a site years back, it's more fun beating a confessed hacker than it is to hack.

      Commenter
      Brian Woods
      Location
      Glenroy
      Date and time
      May 29, 2014, 10:25AM
    • All that Apple can see is legitimate logins (i.e. using username and password) and activations of the "lost" feature in Find My Phone.

      How would Apple know how the fraudster got the login details???

      Commenter
      Derwan
      Date and time
      May 29, 2014, 10:47AM
    • or maybe.. *GASP* .. apple devices aren't all they're cracked up to be in the security department??

      I laugh every time this happens - all the iSheep are happy to slap down android, windows, etc when it comes to security, but when it happens to apple? "Oh, it's not *apple's* fault..."

      Hypocrites.

      Commenter
      btg
      Date and time
      May 29, 2014, 10:52AM
    • @btg If somebody has obtained your password (which in this case, was NOT obtained from hacking Apple) then what can Apple do about it?

      Commenter
      JJ
      Date and time
      May 29, 2014, 11:53AM
    • @jonaD: Do you have a source for that? I'll admit I haven't looked into the specifics but I would be very surprised if either Apple or Google were sending credentials in plain text. I could maybe believe that they aren't verifying certificates, but I still find that unlikely given that certificate pinning is an easy solution to this problem.

      Commenter
      Commenter2095
      Date and time
      May 29, 2014, 12:20PM
  • If you want to make sure that never happens to you, consider activating two-step verification.

    http://support.apple.com/kb/ht5570

    Commenter
    Precaution
    Date and time
    May 29, 2014, 7:12AM
    • OK, the hacker types in your password and they send the hacker a 4 digit code and the hacker is still into your phone.

      Commenter
      Have-A-Chat
      Date and time
      May 29, 2014, 1:59PM
  • 2 very important things to note here. Firstly, Apple was NOT hacked. eBay however was, and encrypted passwords were stolen, which are EASILY reversed if you use a bad password. So basically, lots of people have used the same bad password on eBay and iCloud.

    Secondly, if you had a pass code lock (which everybody should if they have any sense) then this is a non-issue. You are repeatedly warned when setting up an iPhone to use a pass code, so it's your own fault if you end up in this situation.

    Commenter
    JJ
    Date and time
    May 29, 2014, 7:14AM
