A strange rash of virtual iPhone kidnappings in Australia recently spread to the United States. Hackers appear to be using Find My iPhone to lock iOS devices remotely and then demanding a ransom to unlock them. Said ransom is payable through PayPal. You should not pay it.
Again, these incidents sound strange. Reports of the first incidents — all in Australia — appeared on Apple forums this week, followed by a report of ransomed iPhones in the US. Users reported finding their phones suddenly locked, with a message from Find My iPhone saying that the device had been “hacked by Oleg Pliss”.
Instructions to unlock the phone were simple: Send $50 to a PayPal account and the phone would be set free.
It’s unclear if the exploit happens due to a vulnerability in Find My iPhone or through a compromised iCloud account. Regardless, it’s worth changing your iCloud password if you’re worried about getting hit. Because of the recent eBay breach, some think that hackers are using credentials from other sites to log into people’s iCloud accounts. Better safe than locked out of your iPhone, right?
Even if you’ve already been hit, you just have to do a factory restore of your iOS device to get your phone back, the steps to which can be found here. And, if you’ve already been hacked, PayPal says it will refund the ransom money. PayPal also says there is no account matching the email address in the ransom note. Again, this is all very strange. [The Age via GigaOm]