Hackers Remotely Locking Apple Devices for Ransom in Australia
LIKE
TWEET
SHARE
PIN
SHARE
POST
MAIL
MORE
Posted May 27, 2014 at 2:33pm by iClarified
Some Australian Mac and iPhone owners woke up to their Apple devices being remotely locked through Apple's Find My iPhone service with a message demanding payments for their device to be unlocked.
Users on Apple's support forums have been reporting that the message on their device states that they have been hacked by 'Oleg Pliss' and to send a payment to a PayPal account to get the device unlocked.
i was using my ipad a short while ago when suddenly it locked itself, and was askiwhich I'd never previously set up. I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail.com) to return them to me.
We aren't exactly how the devices are being hijacked, but it most likely involves users having their Apple IDs hacked due to weak passwords or a phishing attack -- however all reports of this incident seem to be in Australia. With access to an Apple ID, a hacker could permanently lock you out of your device, see any data stored in iCloud and permanently lock you out of your Apple ID.
To prevent your device from being hijacked, we strongly recommend that you enable two-factor authentication on your Apple ID, update your older, weaker passwords on iCloud and be sure to use a passcode on your iOS device as those devices with a passcode cannot be remotely locked.
Apple should abandon the "Find my iPhone" activation lock or completely revamp it. Coming from someone who works extensively in the field, the activation lock causes more people harm than it helps. I get a half a dozen phones a day in our store from people who buy a used phone on Craigslist or Kijiji and months later they restore it and end up with a activation locked paper weight. No means of contacting the original owner. No means of activating the phone. Often the original owner isn't even missing the phone. They simply forgot to remove it from their iCloud or Find my iPhone. It's a disastrously half assed feature/program.
I wouldn't say that, interestingly this is coming after a hack of a "activation lock", coincidence? Week ago? You can read article here https://www.iclarified.com/40924/hackers-bypass-apples-icloud-activation-lock
I will just quote : " So, why would you use it? For example, if you have forgotten your Apple ID and password or no longer have access to your old itunes-email account then its impossible to regain control of your Apple Product!! doulCi is the solution that will enable you to can regain permenant access. " - yes really, wow do you think that BFU is going to use this? no, only criminals are going to use it.
Bullshit, every kind of jailbreak or hack can be used only to one purpose! "Crime"!
Hackers spent 5 months to monitor traffic coming from/to apple devices to be able to avoid activation lock. Their tool could be easily disassembled or used for different crime activities.
But yes, everyone could say, this is apple's fault! Sure it is.
Noone is perfect Murphy's law : "Each computer code has five bugs, and tis number does not depend on how many bugs have been already found (it is conservative)."
First, the activation bypass does not change the records on Apple servers. Bypassing the find my iPhone activation lock is possible but as soon as you reset/restore the device it will ask for the original iCloud credentials just the same as before it was bypassed. Whatever these hackers are doing is deeper than that. On the apple servers. Second, you're referencing my point exactly. People use iCloud and "Find my iPhone" with the assumption that they can rely on security. It's not secure. Not in the least. People store their intimate security details like credit card numbers and passwords in systems like KeyChain or iCloud which Apple intentionally allows users to assume is secure. In most cases they spend a great deal of effort and resources refining these systems. That's not the case with Find my iPhone. It is a seriously flawed system.
Apple doesn't accept weak passwords, the apple ID password should contain capital and small letters and numbers to pass, there is no way that clients had a weak password. Just sayin
![iPhone's Share of New Smartphone Activations Declines to 33% in the U.S. [Chart]](/images/news/93409/93409/93409-160.jpg "iPhone's Share of New Smartphone Activations Declines to 33% in the U.S. [Chart]")
![New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]](/images/news/93314/93314/93314-160.jpg "New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]")
![Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]](/images/news/93302/93302/93302-160.jpg "Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]")
![AirPods Pro 2 With USB-C On Sale for $189! [Deal]](/images/news/92932/92932/92932-160.jpg "AirPods Pro 2 With USB-C On Sale for $189! [Deal]")
