Australian Apple iPhone and iPad users are finding their devices locked by a hacker going by the name of Oleg Pliss, who demands cash. The hack only affects people who have not set a passcode on their Apple device. They can’t unlock their iPhone or iPad because they never set an unlock code themselves; the hacker set one from within the user’s Apple ID or iCloud account.
The people believed to be vulnerable to the attack are those who reuse the same password across multiple kinds of accounts, such as eBay, which experienced a hack last week. eBay’s database, which contained encrypted passwords, was breached. Hackers were able to gain access to eBay employee log-ins, which opened up the ability to gain customers’ encoded passwords, but not financial information.
People who used the same password for their eBay and Apple accounts, and had no unlock code on their Apple device, might be the ones whose passwords were used to get into their Apple accounts. Once the hacker is able to log in to the Apple user’s iCloud account, it is very easy to lock an iPhone that doesn’t already have an unlock code.
The procedure that a hacker would use to lock the iPhone is the same procedure that a legitimate owner would use if they lost their phone. The Apple “Find My iPhone” feature shows the location of a powered-on phone, but it can also assign a lock code, and therefore lock a phone that doesn’t already have a lock code assigned by the legitimate owner. In legitimate situations, the owner of a lost iPhone locks it and sends a message with instructions meant for the finder, such as a number to call to arrange a meeting, and perhaps even the offer of a reward. Instead, legitimate owners received ransom notes demanding payment for the unlock codes for their devices.
“iPad woke me at [TIME] with the message ‘Your device has been hacked by Oleg Pliss’”
— Sample hacker message
The hack hasn’t been reported in the United States as of Tuesday afternoon.
Here’s how to defend yourself.
There are some simple procedures to prevent being a victim of the hack.
If you don’t have a lock code for your device, set one up, because the hacker can’t change your lock code … the hacker can only create a lock code that you don’t know.
Don’t share the same password across multiple types of accounts. If you have shared your password across accounts, immediately change the passwords, using a different password for each account.
Recovering if your device has already been hacked
There is more pain involved if your device has already been hacked.
If your device has already been hacked, you might be able to log in to iCloud, but you won’t be able to change the lock code of your iPhone or iPad from the “Find My iPhone” section.
It is unlikely that the hacker was able to change your iCloud log-in password, because the confirmation would go to your email address, but you won’t have any method to change the unlock code that the hacker designated.
You could wait to see if Apple has a solution, or you can connect the device to the computer with iTunes that you normally sync it with. You have to restore the device with iTunes, or use one of two other methods: erase the device using “Find My iPhone”, or use recovery mode.
Check this Apple document for full instructions …