If you ever needed proof that a smartphone doesn’t need to be hacked in order for it to cause chaos, then this is probably it. After reports of iPhones being held to ransom started popping up across Australia and being posted to the Apple support forums, people started asking questions. Now it seems this problem has reached the shores of the United States, and the number of reported cases of iPhones being held to ransom is continuing to increase. So what’s actually happening?
Well, it seems that these iPhones are receiving a message on-screen that says the device is locked, and that if the owner wants to regain control, they need to pay $50 to a provided email address. The vector for these attacks appears to be Apple’s own security system, or iCloud’s Find My iPhone to be exact. The very feature that is supposed to allow owners of stolen iPhones to remotely wipe their devices is being used to hijack them, with the perpetrator demanding money in order to ‘unlock’ them.
Tweets from some of the users affected:
@_caseymaree_: Woken up at 2am by hacked ‘Find My iPhone’ asking for money, no sleeping after trying to sort that out so at work at 6am: Today will be fun.
@abstractg: @ashermoses @Devar This happened to my mum’s iPad last night. I changed her iCloud password and took the phone out of lost mode, locked tho
@mindychops: Has anyone had their phone weirdly hacked through unprompted use of Find My iPhone?
Users complaining on Apple Support Communities forum:
I was using my iPad a short while ago when suddenly it locked itself, and was asking which I’d never previously set up. I went to check my phone and there was a message on the screen (it’s still there) saying that my device(s) had been hacked by ‘Oleg Pliss’ and he/she/they demanded $100 USD/EUR (sent by PayPal to …) to return them to me.
I have no idea how this has happened. I am not aware of having been exposed to malware or anything else, although I did recently purchase some new apps – perhaps one of these has something to do with it? I don’t know. I am not sure what avenue has been used to reach my devices – I’m about to use my husband’s laptop to check through some of my accounts (gmail, etc) and see if there is any clue there.
Has this happened to anyone else? What can or should I do? Many thanks
A member of the Whirlpool Forums, whose iPhone was jailbroken on iOS 7.0.4 and was also compromised using the above-mentioned technique, shed some light on the matter as well:
Now, I was jailbroken, and I was on 7.0.4. I know there was an SSL vulnerability patch in 7.0.6, but I’m pretty careful and I (thought at least) I’d patched that manually. I’d also changed my SSH/root passwords a while back.
So I have no idea how this happened, or how they "found" my phone, but needless to say I’ve since scrapped the jailbreak and brought the software up to date. I’m probably done with jailbreaking after this.
PayPal is saying that no account exists for the email address provided by the ‘hacker,’ which means you’ll get your money back. It does beg one question though; what does anyone have to gain if they’ve no way of getting their ransom money?
The other question revolves around how this is happening. Some are suggesting that the recent eBay security breach is to blame, and that someone is using those details to try and get into iCloud accounts. Presumably someone has made a guess that anyone with an @icloud.com email address will be using the same password for both accounts. Hopefully they’re wrong more than they’re right.
This whole affair is a strange one, especially given PayPal’s comments about the lack of an account for that address. Hopefully we’ll get some answers as to what’s going on in due course.
In the meantime, if you are worried about your device, here’s how to make sure your iCloud account and device are fully protected:
1. Immediately change the password of your Apple ID associated with your iCloud account.
2. Turn on two-step verification for your Apple ID. Here’s how to enable Two-Step Verification for Apple ID / iTunes / iCloud.
If you are already affected by this hack, one simple solution is to restore the device in iTunes, which would rectify the problem. Hopefully you’ve got a recent backup via either iCloud or a local machine. If you find yourself in this position, you might want to get that iCloud password changed before you do anything else, assuming you still have access to the account, that is.