There is a rapidly-growing topic on Apple’s forums right now in which Australians appear to be having their iOS devices locked remotely. The affected devices are displaying a message claiming that they have been hacked by “Oleg Pliss” and demanding that a $100 USD payment be sent to a particular PayPal account.
It’s unclear at this point exactly how this is happening, but it seems evident that the affected users are having their Apple IDs hacked. Typically, such hacks involve things like weak passwords falling to brute-force attacks by a botnet, or users falling for a phishing attack. That doesn’t really explain the fact that all the affected users appear to be located in Australia, however. Perhaps the most likely possibility is that an Australian e-mail provider has been hacked, giving hackers the ability to reset the password of weakly-protected Apple IDs associated with those e-mail addresses. Regardless of how it’s happening, though, those Apple IDs are being compromised.
Once hackers have access to your Apple ID, they can remotely lock all your iOS devices with a message. They can also see any data stored in iCloud (calendars, contacts, e-mail, notes, etc). If you have a Mac with Back to My Mac enabled, they could potentially get remote access to that. They could also make purchases on your Apple ID. For all these reasons, it’s very important to protect your Apple ID.
Unfortunately, there are ways that a hacker can lock you out of your Apple ID permanently. Hackers can change your security questions, which is a hassle to deal with but is technically recoverable. However, they could also enable two-factor authentication, and thus permanently lock you out of your Apple ID! Once two-factor authentication is enabled, Apple cannot help you regain access to your Apple ID.
If the idea of losing your Apple ID permanently doesn’t scare you, consider two things. First, all your purchases are tied to your Apple ID. Without your Apple ID, you could lose all your purchased music, movies and apps. More importantly, on devices running iOS 7 with Find My iPhone/iPad/iWhatever turned on, a hacker in control of the Apple ID can lock the user out of that device permanently! That’s right… your expensive iPad could be turned into an expensive doorstop. Restoring the device to factory settings will not be possible without the Apple ID, and Apple cannot unlock it for you.
Affected users will need to regain access to their Apple IDs. Reset the password, and make sure to change it to something very secure. Next, I strongly suggest that you enable two-factor authentication on your Apple ID. Doing so provides additional security, and should prevent the hacker from ever being able to take control of your Apple ID entirely away from you. When you enable this feature, be sure to store the recovery key very carefully! Write it down and put it in a safe, or store it in an encrypted (and well backed-up) place, such as your keychain.
Once your Apple ID is protected, a remotely locked device can be unlocked by following these directions from Apple:
http://support.apple.com/kb/ht1212
For those who might be upset at Apple over policies that make it difficult to regain access to a locked device, consider the opposite. Hackers used to be able to get access to Apple IDs by convincing an Apple tech that they were the owner of the account. Apple’s policies began to change abruptly after Mat Honan had his digital life effectively destroyed by hackers who gained access to his Apple ID.
Although it’s still unknown exactly what’s going on, Australian users of iOS devices should take heed and secure their Apple IDs, as well as the e-mail accounts associated with their Apple IDs. This is a good opportunity for people elsewhere to review the security of their Apple IDs as well.