Apple device owners who have iCloud accounts are being told to change their passwords by Australian authorities in the wake of a hijacking attack that appears to have spread to the US.
The Australian government's Stay Smart Online service and the NSW Police have both issued warnings to Apple users, which state that as a precaution they should change their passwords.
"With the possibility that this attack is linked to your 'Apple ID', affected users are advised to change [their] Apple ID password as soon as possible," Stay Smart Online wrote in an advisory. "Users not affected may also consider changing their Apple ID password as a precaution."
"The best course of action is to change your Apple ID password ASAP," NSW Police said.
Meanwhile, Apple issued a statement to Fairfax Media on Wednesday stating its iCloud service had not been hacked, but that impacted users should "change their Apple ID password as soon as possible and avoid using the same username and password for multiple services".
Any users who needed additional help were advised to contact AppleCare or visit an Apple store.
The attacks, which were initially only impacting device owners in Australia, involve a hacker logging in to Apple iCloud accounts and using the lost device feature to lock users out. A message then demands a ransom of between $US50 and $US100 for the device to be unlocked.
If a passcode was set on the device - be it an iPhone, iPad, iPod Touch or Mac - the user could simply enter it, change their iCloud password and avoid having to deal with the ransom. But if no passcode was set, Apple device owners reported having to erase their entire phone or device. If a back-up existed, this could then be used to restore it to when it was last backed up.
The issue appears to stem from the hacker making use of credentials from a previous data breach on an unknown company. Apple's statement alludes to this - by stating that customers should use different passwords across their online accounts - but does not confirm it.
As is often the case after a data breach, hackers sift through the data looking for information they can use to break into users' other online accounts. And because users often use the same password across multiple online accounts and don't change them, hackers can often get in.
Up until the last few days, the majority of attacked devices were reported to be in Australia, but according to Apple’s support thread, a number of victims have began being attacked in the US.
"I'm in the US. Never been to Australia. Hacked last night…," one user wrote.
"Currently restoring to try and get back online," they added.
Former Victoria Police superintendent Tony Warren was one of the higher-profile targets hit. He told Fairfax Radio he was startled in the middle of the night by the hackers infiltrating his iPad.
"Basically the message was that I had been hacked by Oleg Pliss, was the name given, to contact him on a telephone number... and pay $50 to unlock my iPhone and iPad," Warren said.
It is likely hackers are using the unusual name as a front to get money from people. A real Oleg Pliss is a software engineer at tech company Oracle.
Contacted by Fairfax, Mr Pliss said he was not a hacker.
"I have never hacked any Apple device," he said.
"I am not aware that my name is being used. But there could be other person with the same name."
A similar name is listed on LinkedIn as a banking professional in Ukraine, while there are others in Russia.
Sydney Apple user Susan Walker told Fairfax she lost everything on her iPhone due to the hijacking.
"As I did not have a password on my phone the phone was blocked [from being used]," she said.
"I spent [Wednesday] at the Apple Genius bar having my phone reinstalled. All information (outside my iTunes backup) was lost. I now have a password installed on my iPhone!
"It was awful!"
She said the Castle Hill Apple store she went to "knew nothing" about the issue.
"At no point did I consider paying this scum!" she added, referring to the hacker.
Jayne Cho, an Australian living in South Korea, said her iPhone and iPad was targeted.
"I was woken at 2am with both my iPhone and iPad screaming an alarm and presenting the … message about the device being hacked by Oleg Pliss," she said.
Peta Santoro in Perth was one of the luckier ones who had a passcode set on his device, meaning that he could ignore the hacker's message just by logging in with his passcode.
"My iPhone was protected with a passcode so I was one of the people who were able to still unlock their phones," he said. "My password was one which I used across a number of different websites so I've learnt my lesson and will be allocating different passwords to everything."
When contacted, Australia's three big telcos - Telstra, Vodafone and Optus - referred the matter to Apple. Telstra was the only one to acknowledge the issue in a statement to Fairfax.
"We're aware of the reports and we’ve referred the matter to Apple," Telstra said.
"In the meantime customers who need assistance can contact AppleCare."
In addition to changing passwords, IT security experts have recommended Apple users enable "two-factor authentication" on their accounts if they don't already have it by visiting:http://support.apple.com/kb/ht5570. This acts as a second layer of security by making users have to enter a code that is sent to their mobile device before they are granted access to their account.
- Go to My Apple ID (appleid.apple.com).
- Click "Manage your Apple ID" and sign in.
- If you have two-step verification turned on, you'll be asked to send a verification code to the trusted device associated with your Apple ID. If you're unable to receive messages at your trusted device, follow the guidelines for what to do if you can't sign in with two-step verification.
- Click "Password and Security".
- In the "Choose a new password" section, click Change Password.
- Enter your old password, then enter a new password and confirm the new password. Click Save when done.