The past 24 hours have seen a spate of stories warning about ‘ransomware’ attacks on iPhones and iPads – especially in the UK and Australia. According to the reports, compromised devices are locked and owners are instructed to email a ransom (variously: $100, $50, €100) to one “Oleg Pliss” to have their devices unlocked.
These attacks aren’t really news. In fact, the Oleg Pliss scam appears to have been circulating for close to six months. However, it’s worthwhile reviewing what we do (and don’t) know about these latest attacks on mobile devices. Accordingly, Security Ledger has put together a short FAQ that tells you what you need to know about the latest mobile scam and dispels some of the rumors floating around in the Internet ether.
What’s Going On?
“Device hacked by Oleg Pliss. For unlock device, you need send voucher code by 100 usd/eur (Moneypack/Ukash/PaySafeCard) to email:firstname.lastname@example.org for unlock.”
The hacks appear to affect mainly iPhone and iPad users in Australia and the UK, though there are reports of similar incidents in the US and other EU countries.
Is this the work of an iPhone/iPad virus?
Probably not. Reports suggest that affected users have had their iCloud accounts hijacked and that the Apple Find My iPhone feature is being abused to lock the devices and hold them for ransom. That doesn’t require cyber criminals to put malicious software on the victim’s mobile device.
Has Apple’s iCloud been hacked?
It is possible that hackers compromised accounts by first compromising Apple’s iCloud infrastructure. Recent media reports suggest that groups of Dutch cyber criminals have figured out how to conduct ‘man in the middle’ attacks between mobile devices and iCloud that could result in customers’ online credentials being stolen.
That said, it’s not likely. For one, Apple has publicly denied that there has been any compromise of its iCloud infrastructure. A more likely scenario is that individual Apple customers are being targeted through phishing attacks (by e-mail or social media). Alternatively, cyber criminals may have retrieved personal information on Apple customers stolen from another vendor, and are taking advantage of customers who have re-used an e-mail and password combination as their Apple ID.
My phone has been hijacked. What should I do?
If your device has been hijacked and is being held for ransom, do not pay the ransom. There is no guarantee that the criminals will unlock your phone – in fact, they have every reason not to. Instead, follow Apple’s instructions for restoring a locked or disabled device. You can read those instructions here.
How can I prevent my iPhone/iPad from being hacked?
Regardless of whether your mobile device was compromised in the recent ‘Oleg Pliss’ ransom attacks, you should take some time to evaluate the security of your mobile device(s) and make sure you’re using due diligence in securing them. Among the simple steps you should take to secure your mobile device are:
- Set up a passcode on your mobile device – the biggest security threat facing you as a mobile device owner is theft. Thieves who steal your device can get access to your contacts, social media and e-mail – a boon for identity thieves and scammers. Using a passcode to access your device won’t make it hacker proof, but it will make it much harder for thieves to get at your stuff.
- Set up a strong, unique password or passphrase for iCloud – as the ‘Oleg Pliss’ incident suggests, getting access to someone’s Apple ID and their iCloud account is as good as getting access to their mobile device. It may even be better. You should have a strong password or passphrase to access iCloud that’s different from the password you use on any other online account.
- Enable Apple’s two-step verification – Apple offers a two-factor authentication option to secure your Apple ID account. You should absolutely take advantage of it. Two-factor authentication requires anyone trying to log into your account to enter the correct user ID and password, plus a separate numeric code that is sent to the mobile phone you register with your account. It’s an extra security step that guarantees the person logging into your account is actually you and is enough to keep hackers at bay, even if they have your account ID and a valid password. Learn about enabling two-step verification for your Apple ID here.
Is this a new attack?
Actually, no. A spate of news reports makes it seem as if the ‘Oleg Pliss’ mobile ransomware attacks are a new occurrence. But media reports of hijacked Apple iPhones and iPads go back to the beginning of the year. Most reports seem to come out of Australia and the UK, but this scam has been running for a number of months and certainly isn’t new.
Who the heck is Oleg Pliss?
Oleg Pliss appears to be this guy: a senior software engineer at database giant Oracle, and a well-respected technology industry veteran. It goes without saying that Pliss is not the guy behind the ransomware schemes. Rather, his name is being (ab)used by the scammers – either intentionally or unintentionally. Whatever the case, you shouldn’t be reaching out to those behind this scam in any way, so the identity of ‘Pliss’ shouldn’t matter. Focus on getting your device and data back, then implement stronger security to make sure this doesn’t happen again!