OLEG PLISS iCloud hack: Apple implies user stupidity

Pseudonymous hacker locks Macs and iToys; demands money.

Has Apple (NASDAQ:AAPL) been hacked? Or are users reusing weak passwords?

Most commentators are rushing to the latter conclusion, but that assumption doesn't seem to add up, despite Apple denials that blame users.

In IT Blogwatch, bloggers add 2+2.

Your humble blogwatcher curated these bloggy bits for your entertainment.

 

G'day, Ben Grubb. Who is Oleg Pliss?

Owners of Apple devices across Australia are having them digitally held for ransom by hackers demanding payment.

One iPhone user, a Fairfax Media employee in Sydney, said she was awoken at 4am on Tuesday to a loud "lost phone" message that said "Oleg Pliss" had hacked her phone. ... It is likely hackers are using the unusual name as a front.

 

And, in seven seconds, Stephen Withers on the vine:

Apple did not return iTWire's phone calls, so we cannot pass on any advice from the company.

It appears that the attacker has managed to obtain a list of Apple IDs and the associated passwords. ... However, at least one affected user says their iPhone was remotely locked a second time after they had changed the password [which] suggests that either Apple's systems have been compromised, communications between users and those systems are being intercepted, or [something] is being used to harvest the credentials.

The attacker may be targeting Macs as well as iOS devices.

 

So Abhi Beckert concludes that Apple itself has been hacked:

My friend’s phone was hit by this, and she claims to have [a] long random password...unique to her iCloud account. It seems unlikely to have been cracked unless there was a keylogger...we searched but did not find any evidence of that.

I think there is some kind of problem on Apple’s servers that allowed this attack — the fact everyone targeted seems to have purchased their phone in Australia or New Zealand...suggests this might be the case. ... Perhaps some Australia/New Zealand database of serial numbers was compromised, and this can be used to remotely lock a phone without knowing their iCloud password.

 

And Moriarty offers this interesting theory as to how:

It seems to have been a man-in-the-middle exploit to an Apple server for this region.

It is said to be related to a group that have exploited the Apple iCloud to unlock stolen devices.

 

UPDATE: Apple says not so, in this carefully-worded PR statement, which appears to blame the users:

Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.

 

But Carly Page turns again: [You're fired -Ed.]

News of this hack comes just a month after it was revealed that a flaw in iOS 7 allowed hackers to easily deactivate Find My iPhone and wipe users' iCloud accounts.

 

Meanwhile, georz offers this solution:

This is what I was told to do (and did) over the phone with AppleCare support.
