An “Apple hijacking” scare that has rattled iPad and iPhone users in Australia has spread to New Zealand.
Cyber-safety organisation Netsafe said a Bay of Plenty woman fell victim on Tuesday, a day before Australian media began reporting several cases of people having their Apple devices remotely taken over by fraudsters.
Digital project manager Chris Hails said the woman’s iPad and iPhone were remotely disabled and a ransom demand appeared on-screen from an “Oleg Pliss”.
Both devices were Pin-protected, which appears to have prevented them being remotely wiped by the attacker.
Hails said the victim reported the issue to Apple through their Australian support line and they helped her regain control of both devices.
Some Apple users in Australia do not appear to have been as fortunate.
Fairfax Media earlier reported that iPhone user Susan Walker had lost all the data on her smartphone.
"I spent Wednesday at the Apple Genius bar having my phone reinstalled. All information outside my iTunes backup was lost,” she said.
The newspaper reported that attackers appeared to be logging into people’s Apple iCloud accounts using passwords guessed from a separate hack on a third party, before then locking their owners’ out of their devices using iCloud’s “lost device” feature.
If correct, the attacks would not work if people picked a unique password for their iCloud log-in, but many people use the same password for multiple online services to avoid forgetting them.
The Australian government's Stay Smart Online service and New South Wales Police have issued warnings to Apple users, suggesting they change their iCloud passwords as a precaution. There have also been reports of the same attacks taking place in the US.
Security-software makers have been keen to encourage smartphone owners to buy anti-malware products, but NetSafe said in a separate report published today that it had only ever received one report of a smartphone being directly hacked; an “older Android-powered smartphone” which was reset to factory settings using a browser-based exploit.
The bigger issue was people losing their devices, it found from a phone survey of 207 smartphone users. More than a quarter admitting to losing a mobile phone and the security of contacts and data was a key concern for businesses that issued staff with devices, it said.