Free Republic
Browse · Search
General/Chat
Topics · Post Article

How to defend against Apple's Oleg Pliss iCloud attack
By Jonny Evans
May 27, 2014 7:50 AM EDT

Australian Apple device users are finding their iDevices locked by some hacker demanding cash. Here's how to defend yourself, and what to do if you've been hit.

There have been several high-profile attacks in which passwords and email addresses have been stolen -- principally, attacks on Adobe and eBay.

Those who use the same password across several accounts (eBay and iCloud, for example) are vulnerable. If that's you, then change your password for both accounts immediately. Stop reading this and change them now. (If you use the same passwords on other accounts you should also change those.) Use an original password for each account.

Apple offers two-step verification for devices. Everyone should use this -- iCloud is already a central repository for contact, password, payment and other essential information. This means it makes absolute sense to make iCloud as secure as possible, and that means two-step verification. Read Apple's FAQ for information about this additional security layer.

The hacker who is attacking Australian users employs Apple's Find My iPhone service to lock devices and leave a ransom note on the display.

"iPad woke me at 4.30am with the message 'Your device has been hacked by Oleg Pliss'," a user said.

If you have a passcode for your device, then you don't have a problem -- just use the passcode to get into your device again, and change your iCloud password. Find My iPhone can only set its own code if you have not created your own passcode for the device.

If you've been hit

If you've been affected and already use a device passcode, just access your device using the code and change your password.

If you've been affected and are not using or have forgotten your passcode, then the nuclear option is to plug your device into your computer and run a Recovery Mode reset of your device. This will remove all your apps and data, but you can recover your most recent backup using iTunes, by following these instructions.

Some reports claim the following steps may help locked out users regain control of their device:

Common sense

While this experience is incredibly unfortunate for those affected, it is important to note people would not be impacted to any great extent if they simply follow common sense security advice -- and it has to call into question just how many users of other platforms are also vulnerable through complacency?

Sophos adds:

If nothing works, contact Apple support immediately. Apple did not immediately respond to queries on the matter.

11 posted on 05/27/2014 11:19:41 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)


To: Swordmaker
Common sense

They left off the simplest common sense which is don't use gimmicky crap like:
using the Apple "Find My Device" ability to lock iPhones, iPads, and Mac computers

Live by the sword, die by the sword. If you simply keep track of your physical device, back it up, keep important stuff on a separate stick, then theft will be rare and meaningless other than having to buy a new box and restore from backup.

Furthermore it is not the user's responsibility to use different passwords, but eBay's responsibility to properly salt and hash passwords so there is zero chance of them being stolen when attackers get into their systems. If my services are designed properly I can use the same short password everywhere with no reduction in security whatsoever. The problem is that many sites are poorly designed and I try to stay away from those.

21 posted on 05/28/2014 4:33:06 AM PDT by palmer (There's someone in my lead but it's not me)
