Reports initially began to trickle in earlier this week, when Australian newspaper The Age discovered Tweets and forum posts from owners of Apple devices from across Australia. Users were reporting receipt of a Find My iPhone message indicating their iPhones and other iOS devices had been remotely locked by "Oleg Pliss". The message, seen below, demands payment of a US$100 ransom via PayPal to unlock affected devices.
It now appears as though the issue is much more widespread and encompassing! The original Apple Support community page has grown to include 27 pages (at post time) of iOS device owners posting reports of similar problems.
Of course, the first thing people assume when they see their locked device is that somehow Apple is to blame. It must be a vulnerability in iCloud, right? When Ben Grubb from the Sydney Morning Herald asked Apple to comment, he got this response.
The blanket, generic "we take security seriously" statement doesn't mean much. Apple is denying any compromise of iCloud and implying that weak user credentials are to blame. This may in fact be the case! We know from numerous reports that people often make very bad password choices. However, their response is dismissive and does little to reassure a customer.
So how is this iCloud hack being propagated?

At this time no one really knows for sure, and Apple sure isn't saying. The only statement issued so far follows the one Mr. Grubb received:
In full, Apple said: "Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."
The ransom may just be the beginning!

Locking a user's iPhone or iPad and asking for $100 could just be the start of something far greater. If the hackers truly have full access to someone's iCloud account, there is much, much more potential than just a small ransom.
For starters, most people use iCloud's automatic backup feature to keep their device contents in Apple's cloud. An attacker with control over someone's iCloud has full access to those contents and the ability to restore one of these backups to their own device. This means they get the victim's photos, videos, documents, iMessages, email stored on the device and basically any conceivable digital asset the victim has on their iPhone or iPad. It's a very large collection of extremely personal data.
There is also the very real threat of stalking victims or using their location data. Find My iPhone presents the location data of each device the hackers have on a map. Clearly that creates the potential for a serious invasion of privacy, particularly when you consider that families often have multiple devices under the one iCloud account.
In addition to the above threats, we are hearing that it's not just iDevices connected to iCloud that have been breached. According to a few reports, we've already seen Macs impacted as well. This opens the door to a whole new level of intrusions and data leaks.
The hard reality is that our digital lives are so intrinsically chained together across otherwise independent devices that a breach of a common service like iCloud can have very broad-reaching ramifications.