There was a time when Apple was seen to be impenetrable, but in recent months cracks have started to show and it is now known that this is no longer the case. This has been made all too apparent recently by the ‘Oleg Pliss’ iPhone hack – first reported in Australia and New Zealand and now making its way across the globe with instances in both the US and the UK.
The evidence of the spread of the hack has come from the Apple online support community in which users in destinations other than those Down Under have been reporting being hit by the hack. The hack is essentially ‘ransomware,’ something that originated from Eastern Europe and Russia, and literally holds a device to ransom. This group of hackers has used cloud software to hack directly into phones. Owners are often woken in the middle of the night as if the iPhone is on ‘lost mode.’ A message from ‘Oleg Pliss’ (which in reality is a well known software developer so unlikely to be behind the scam) then appears asking customers to pay $50-$100 to have their account wiped of files or to regain access to the phone. The message often pops up in the middle of the night, just to maximise the potential for victims to respond as the hackers want them to.
Holding devices to ransom in this way is not new – it has been successfully used on laptops and desktops – but now it would seem that mobile is the new target. Database breaches and hacks to sites like Yahoo are thought to be giving hackers a helping hand, as many people have the same login details for email accounts as they would for their Apple ID. Hackers simply have to use the login details and disable the phone remotely.
There are a couple of very simple ways to prevent your phone from being attacked in this way – for example, make sure you have set a pass code for your phone and start using two step verification (i.e. a process that requires both something you know, such as your password, and something you have, such as your phone, to confirm your identity). Make sure that you have different usernames and passwords for all your different accounts so that hackers can’t take advantage of one security breach to carry out another.
If you do find yourself a victim of this particular scam then don’t pay anything at all. Instead, contact Apple Support straight away and tell them what has happened. If you can’t get through to them or the hackers have locked your mobile with a pass code then there is some useful advice on the Apple Support site. Remember to change your login and password as soon as you regain control of your phone – if you don’t then the hackers may simply change it once more and you’ll have to go through the whole process again.
ITC offers security consultancy on issues such as hacking – contact our team for more information.