Australian Apple devices locked in suspected Apple ID hack

Australian Apple devices locked in suspected Apple ID hack

Summary: Overnight, many Australian users of Apple's devices, both iOS and OS X, have woken up to find access to their devices locked by hackers asking for US$100 to unlock them.

SHARE:
TOPICS: Cloud, Apple, Security
10

A number of Australian users of Apple's iCloud connected devices woke up this morning to the shock of finding themselves locked out of their devices.

appleoleghack
The hackers' message on an iMac
(Image: Screenshot of post by amberoonie)

Apple customers are finding that their phones, tablets, and even desktops and laptops, are showing a message originating in Apple's find my device service that states "Device hacked by Oleg Pliss" and the user send US$100 to unlock the device.

Affected users have descended upon a community Apple support thread, with some users finding that not only has their device been hacked, but a passcode has been added, presumably from the Find My iPhone section in Apple's iCloud, preventing the users from accessing or restoring their device.

Users with passcodes on their devices report being able to acess the device again by restoring it from a backup using iTunes.

One user, holidaying in London, reports being able to take their device into an Apple store, but no solution was found as they appear to have not had a passcode on the device prior to the attack.

The attack was initiated in the early hours of the morning across Australian, with one user, deskokat, reporting being woken up at 4:30am with the associated 'hacked by Oleg Pliss' message and sounds being played out of their iPad.

"I thought it was the morning alarm. I just signed in with my code, and all seems ok. I then signed in to my powerbook — but as a guest user — VERY grateful I did," deskokat wrote.

"Message to say I'd been hacked there too, wouldn't let me sign out without erasing all data for that user. As there was nothing but a couple of expendable files on there, I signed out. And the guest user portal has been erased. I then went into my own (password protected) desktop, no hacking message. Have changed my Apple ID password."

The user reported receiving 15 messages in their hotmail account stating that a "lost" status was applied to all their devices through Find My iPhone services, sounds were played, and all devices were subsequently marked as "found".

Vodafone and Optus told ZDNet that they had received no calls from customers on the issue.

A Telstra spokesperson said they were aware of the reports, and have referred the matter to Apple.

"In the meantime customers who need assistance can contact Apple Care," Telstra said.

Comment has been sought from Apple, but had not been received by the time of publication.

It is presumed that the hackers have gained access to the user's Apple ID credentials, and from that point on, have been able to access the Find My iPhone service to lock the devices.

The attack arrives as reports surface that Apple is set to unveil a home control system at WWDC next week.

Update: Added comment from Telstra, Vodafone, and Optus

Topics: Cloud, Apple, Security

About

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments
Log in or register to join the discussion
  • Well Now

    ain't that a son of a .....!
    Mujibahr
  • It just doesn't work

    What do the Apple fans say ?
    johnafish
    • Hacking iCloud

      It just works
      warboat
  • Apples' Response:

    "Due to the physical location (down under) of these devices, the devices are in effect being used in the 'upside down' position and therefore Apple claims no responsibility for this problem. It is the users responsibility to hold their devices in the correctly oriented position at all times."
    Mujibahr
  • not the first time

    Not the first time this has happened with Apple, just not on this scale.

    I'm surprised no one is asking the obvious question here given multiple users are locked out - Is it a breach of the iCloud security for accounts or a breach of the iCloud security for the infrastructure?

    If its an accounts breach then that adds Apple to the growing list of the likes of LinkedIn, Adobe, eBay etc. If its a breach of the infrastructure that's even more serious.
    aesonaus
    • I agree

      This sounds suspiciously like an Apple breach - how coincidental that only Apple users appear to be affected?
      Why aren't the Federal Police looking into this?
      Flash6969
  • passwords are the problem

    Reported else where that this is likely due to the reuse of passwords across services, rather than an actual hack. Phones and macs that have a passcode aren't affected as the user can unlock the device with the pass code.
    mjpwall@...
  • What?!?!?!

    This simply must be a beat-up or inside job. Haven't the fanbois always said that this sort of thing cannot happen with Apple?
    KRP1950
  • Article: Apple is set to unveil a home control system at WWDC next week

    Outstanding! Can't wait for this:

    A message stating "Home hacked by Oleg Pliss" and the user send US$250 to unlock the home.
    Rabid Howler Monkey
  • security

    I don't think setting a password makes everything go off beautifully. Some hackers easily gain access to Wi-Fi connected iPhone when it's jail-broken if they try the default root password, 80% jail-breakers know nothing about the root password configuration after their jailbreak!!! Some users even install spy apps like ikeymonitor to steal unlock pass-code when the device is jail-broken. We are not living in a safe world protected by password.

    But it is at least safer than no password. In normal cases, password is a protective and useful shield, even if it is weak to some extend..
    SherlockLV