Symantec has recently detected reports on Apple’s support community and social networks that users in Australia and New Zealand have had their Apple IDs compromised. Apple devices are being remotely locked and held for ransom by someone claiming to be Oleg Pliss, a software engineer at Oracle, who has been randomly chosen to take the blame for the attacks.
Based on initial feedback, a number of Apple IDs have been compromised and used to lock iPhones, iPads, and Macs. It remains unclear exactly how the Apple IDs were compromised, but possible explanations include phishing attempts, weak passwords, or password reuse. A separate breach involving emails and passwords used to log in to Apple and iCloud could have facilitated the compromise of the Apple IDs.
Once an Apple ID is compromised, attackers can access the Find My iPhone feature in iCloud. This feature is used to locate Internet-connected iOS devices and turn on the Lost Mode feature. Once Lost Mode is turned on, the attacker can remotely play a sound, lock the device, and display a ransom message.
Symantec is advising users not to pay the ransom. “There is no guarantee that the criminals responsible will unlock your device.”
While the devices have been locked, the root issue is the compromise of the Apple ID. First, users should log in to their Apple ID account and confirm that the password has not been changed. If it has not, they should immediately secure the account by changing the password. Once the password is changed, they should log in to the iCloud account and sign out of all browsers just to be safe.
If users had set a passcode on their device prior to the compromise, they can simply unlock it by inputting the passcode.
However, if the user did not set a passcode on the device, then the phone will remain locked. This is because the attacker is required to set a passcode for the device when enabling the Lost Mode feature. In this scenario, users are advised to call Apple support for further assistance. However, most users are reporting that the only option to recover the device is to wipe the device and restore it from a backup.
Symantec: How to secure your Apple ID and devices:
- Set a passcode on your phone or tablet. We cannot stress this one enough. Although it may be annoying to have to input a passcode to unlock your device, it is a basic security measure to prevent unauthorised physical access to your device. And in this case, it could save you the trouble of having to perform a factory reset on your device.
- Use a strong, unique password for your Apple ID. If you need help creating a strong password, use a password generator and consider using a password manager, such as LastPass, 1Password, KeePass, or Norton Identity Safe.
- Set up two-step verification for your Apple ID. While it is labelled as an optional security feature, enabling two-step verification will make it that much harder for an attacker to access your account without having physical access to your phone or other trusted device.
- Back up your devices. In the event that you have to perform a factory reset, having a backup will ensure you do not lose your settings, messages, photos and documents.