devices in Australia were taken captive -- or at least that’s what hackers wanted users to think. The iPhone-maker’s forum was buzzing with posts about receiving lost iPhone alerts and demands for money to unlock the devices. Users were told they had to pay anywhere from $50 to $100 via PayPal to regain access to their devices.
“I was using my iPad a short while ago, when suddenly it locked itself . . .” VerityLikestea wrote on the forum. “I went to check my phone and there was a message on the screen (it’s still there) saying that my device(s) had been hacked by ‘Oleg Pliss’ and he/she/they demanded $100 USD/EUR (sent by PayPal).”
Apple and PayPal are assuring users they are on top of the issue. In a public statement, PayPal said that if any money was sent, its Buyer Protection program would cover the affected users. Apple, for its part, made it clear that it takes security very seriously and that iCloud was not compromised during this incident.
“Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services,” Apple said in a statement. “Any users who need additional help can contact AppleCare or visit their local Apple retail store.”
We caught up with Andrew Jaquith, CTO and Senior Vice President of Cloud Strategy at cloud security solutions provider SilverSky, to get his take on the problem. He told us that, as far as he can tell, this is a garden-variety phishing attack.
“Somebody is sending phishing e-mails, supposedly from Apple, that are causing naive customers to disclose their iCloud credentials,” Jaquith said. “The attacker is then probably logging into iCloud and turning on Lost Mode with a custom ‘Lock Message’ that contains the ransom note.”
As he sees it, the iCloud scam is not a big deal. Customers just need to pick stronger and longer passwords. That’s the running theme from security experts these days. Industry watchers echoed those thoughts after the eBay hack, the Spotify breach, the Target compromise and a laundry list of other attacks this year -- and in years past.
“There could be more to it than this, but I don’t think so. The bigger lesson here is that as consumers rely more and more on cloud services to manage their devices, automate their homes and consolidate their entertainment, thieves will increasingly target these services,” he said. “Apple, for example, states that it has over 800 million active iTunes accounts. Only a fraction of that number seems to have been affected by this campaign, less than one-thousandth of 1 percent. A problem to be sure, but hardly an epidemic.”
Posted: 2014-06-01 @ 3:51am PT
Mine is locked. You could publish some instructions for owners to unlock their iPads. That would be good.