Some iPhone, iPad and Mac users are reporting their devices have been compromised, with a message appearing that locks owners out and demands a US$100 ransom be sent to the hackers over PayPal. While the cause of the vulnerability hasn't yet been established, there's one common factor: it looks like every hacked device was sold in Australia.
iTnews reports that the ransomware appeared in the last few days, with some some threads on Apple's support forum and Whirlpool detailing the problem. The original post from user 'veritylikestea' in Melbourne on Apple Support Communities best describes the issue:
i was using my ipad a short while ago when suddenly it locked itself, and was askiwhich I'd never previously set up. I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail.com) to return them to me.
Other users on the support forum describe seeing a similar message on their iPhones and iPads, and some Mac laptop and desktop users have similar experiences. It's not immediately obvious how the attacker has accessed these devices, since there is no unifying factor beyond them all being Apple and using iCloud, but it seems like Find My iPhone is being used to remotely lock devices and display the ransom message.
Some Whirlpool commenters are theorising a man in the middle attack has intercepted traffic between Apple devices and servers through certain ISPs, while others are blaming poor password security or a compromised password database in a third-party website that has matched some users' details to their iCloud accounts. We've reached out to Apple for comment on the issue.
Until there's some explanation, to avoid falling victim to this possible attack, it's a good idea to change your Apple password to a strong and unique one, use a passcode on the device itself (or Touch ID on an iPhone 5S), and enable app- or SMS-based two-factor authentication on any online accounts that can use it, like Facebook, Google and Twitter. [iTnews]