iCloud Hack Takes Out Apple Devices in Australia and New Zealand

Some Australians and New Zealanders who own iPads and iPhones received a rude awakening from an online attacker. When they powered up their iOS devices, their home screens were locked on a nefarious message. “Device hacked by Oleg Pliss,” says the message. “For unlock device YOU NEED send voucher code  by $50 one of this (Moneypack/Ukash/ PaySafeCard) to _____ for unlock.”

In most cases, Mr. Pliss asked for US$50 or €50. In other cases, he got more greedy, demanding US$100 or €100 via PayPal. Although it looks like ransomware to the user, security analysts discovered that no one’s iPad or iPhone actually had malware on it. The mysterious Oleg Pliss had actually taken control of the users’ iCloud accounts.

Hijacking iCloud

iCloud is the hub that connects an Apple user’s devices. Macs, iPods, iPhones and iPads upload files to iCloud, and those files are pushed to other devices. It’s the reason that something downloaded to iTunes on an iPhone also appears on the user’s Mac without requiring USB sync. It’s also the tool that lets iPhone and iPad users locate their devices remotely or wipe them if they’re lost or stolen.

Oleg Pliss didn’t develop malware, which could have been easily detected and erased by antivirus for Mac software. He hijacked Aussie and Kiwi iCloud accounts by somehow obtaining login credentials. Security researchers have several hypotheses for how attackers stole the information:

  • Recent data breaches. Some researchers wonder whether Oleg Pliss used data from a recent breach, like the eBay breach, to hack into people’s iCloud accounts. In many cases, people use a single password for all of their accounts, or they use just a handful of passwords for multiple accounts.
  • Man-in-the-middle attacks. Some experts suggest that an iTunes or iCloud bug could have rerouted devices to a fake iCloud login site. When users logged into the fake site, attackers gained access to their passwords. Another hypothesis is that attackers rerouted ISP traffic within a vulnerable Australian network. iCloud users had no idea that they were visiting malicious servers.
  • “Joe Job” attack. A Joe Job attack is the online equivalent of writing “For a good time, call ____” in a bathroom stall and scribbling in the number of someone the graffiti artist doesn’t like. In other words, someone could have posted someone else’s iCloud login credentials as an act of retribution against the account holders.

What to Do

So far, experts have no idea how Oleg Pliss obtained iCloud login information. However, they do have some suggestions about how users can keep their iCloud login information safe.

  • Enable two-factor authentication (2FA). iCloud users should set up 2FA with their Apple ID, which won’t allow them to log in to iCloud and other Apple services without entering a second login code. Users can receive codes via text message, or they can get codes on any iOS device.
  • Back up all iOS devices. Anyone who owns an iPod, iPad or iPhone should save a backup copy on either their Mac or an external hard drive. If they find their devices locked or remotely wiped, they can perform a recovery mode reset of their iOS devices and recover the backup copy using iTunes.
  • Change all duplicate passwords. Apple users should change all passwords so that they avoid using the same password on more than one account. A password manager can generate random passwords, which contain tough-to-crack combinations of numbers, letters and symbols. Then, password managers store the passwords and auto-fill them into different login fields with a single click.
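
The password-reuse check behind the last recommendation, as an added example that is not part of the original article: it reads a constructed password-manager CSV export, reports which other sites share a password with the Apple ID (so a breach at any of them exposes iCloud), and generates a random replacement. The column layout, site names and function names are assumptions made for illustration.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Constructed sample export; the column layout is assumed, not a real product's format.
SAMPLE_EXPORT = """site,username,password
appleid.apple.com,kiwi@example.com,Summer2014!
ebay.com,kiwi@example.com,Summer2014!
forum.example.org,kiwi,Summer2014!
bank.example.com,kiwi@example.com,x9$Lq2vT!mZr8#pA
shop.example.net,kiwi@example.com,hunter22
mail.example.com,kiwi@example.com,hunter22
"""

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def find_reused(export_text):
    """Group sites by password; return only the groups that share one (largest first)."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        groups[row["password"]].append(row["site"])
    shared = [sorted(sites) for sites in groups.values() if len(sites) > 1]
    return sorted(shared, key=len, reverse=True)


def exposed_with(site, reused_groups):
    """Sites whose breach would also expose `site` because the password is shared."""
    for sites in reused_groups:
        if site in sites:
            return [s for s in sites if s != site]
    return []


def new_password(length=20):
    """Random password containing a lowercase, uppercase, digit and symbol character."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw)):
            return pw


if __name__ == "__main__":
    reused = find_reused(SAMPLE_EXPORT)
    print("shared passwords:", reused)
    print("Apple ID exposed via:", exposed_with("appleid.apple.com", reused))
```
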

A Tempting Target

The Australian and New Zealand iCloud attacks aren’t the only known hacks of iCloud accounts. The Russian Interior Ministry also recently reported that it had seized computers, SIM cards and phones used by a pair of Russian hackers. The hackers had obtained iCloud credentials using phishing emails directed at Apple users. They had also created new Apple accounts locked to victims’ iOS devices. Once they had created the new accounts, they sold the Apple credentials so that buyers could obtain apps, music and other assets stored in iCloud by the person who owned the device.

As Apple devices become more popular, attackers will look for more ways to disrupt their operations. Antivirus programs and smart device management techniques, in most cases, should help Apple users protect their accounts.

Andy Ruffell
