Many iPhone and iPad owners in Australia woke up Tuesday morning to an unfriendly site: On screen demands for money to unlock their devices. The warning said their device had been hacked by Oleg Pliss and demanded a US$100 ransom before it would be unlocked so they could use it again.
Australian iPhone owners face locked devices, ransom headache
The attackers changed victim's iPhone and iPad passcodes, or if they hadn't set one up, added a code to their devices, effectively locking them out. The threat is shrouded in mystery because there isn't any hint as to who is behind the scheme, or how it was implemented.
So far, companies like the security research firm Sophos have only been able to speculate as to how the attackers gained access to victim's iPhones and iPads because there isn't any malware involved. What seems likely is that the people behind the Oleg Pliss attack found the iCloud account passwords they needed in data that was stolen by hackers in other data breaches, like the ones that recently hit Adobe and eBay. Since many people reuse their passwords across multiple sites and services, the Oleg Pliss attackers only needed to try the user name and password combos they retrieved against iCloud accounts.
Considering the attack seems localized to Australia and New Zealand, however, it's possible the victims were tricked by a Man in the Middle attack where attackers set up a server that masqueraded as a legit site users regularly visited. Once there, victims enter their user name and password -- just as they would on the the real site -- only to have it stolen by the attackers. If that's the case, the scheme to gather passwords was probably limited to faking some service local to Australia and New Zealand.
The attack wasn't focused on jailbroken devices, so that mostly eliminates the possibility of trojan horse iOS apps, too.
The ransom demand came with its own mystery, as well. The PayPal account victims were instructed to pay to doesn't seem to exist, so the attackers don't have any way to actually collect the money they're demanding.
Some victims have been able to reset their passcode themselves, while others have needed help from Apple to regain access to their hijacked devices.
Assuming the attack was based on stolen login credentials, using unique passwords on every site or online account most likely would have protected the victims. Apple's two-factor authentication system would've protected victims, too, since attackers wouldn't have been able to change account passwords and passcodes without the victim's permission.
Security researchers, and no doubt Apple, have been working to unravel this mystery but so far don't have much to go on. If you live in Australia or New Zealand, changing your iCloud password now is a good idea since that will have the highest likelihood right now of protecting you from the Oleg Pliss ransom crew.