Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Australia Cloud Crime IOS Security IT

Australian iPhone and iPad Users Waylaid By Ransomware 52

Posted by timothy
from the beware-the-jabberwock-my-son dept.
DavidGilbert99 (2607235) writes "Multiple iPhone/iPad/Mac users in Australia are reporting their devices being remotely locked and a ransom demand being made to get them unlocked again. However, unlike PC ransomware, the vector of attack here seems to be Apple's iCloud service with the attacker getting to a database of username/password credentials associated with the accounts. It is unclear if the database was one of Apple's or the hacker is simply using the fact that people reuse the same password for multiple accounts and is using data stolen from another source. Apple is yet to respond, but there has already been one report of the issue affecting a user in the UK."
This discussion has been archived. No new comments can be posted.

Australian iPhone and iPad Users Waylaid By Ransomware

Comments Filter:
  • by johnjones (14274) on Tuesday May 27, 2014 @07:58AM (#47098649) Homepage Journal

    seems like they might have been a target of MITM attack

    personally I would advocate support for DANE in apple products :

    http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities

    http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities [wikipedia.org]

    not a total solution but it would help

    regards

    John Jones

    • Re:MITM attack (Score:5, Informative)

      by Anonymous Coward on Tuesday May 27, 2014 @08:16AM (#47098743)

      It's not a MITM atack, but rather the hackers are exploiting a vulnerability in iCloud. Then, using the "Find Device" option they block the phone and demand a 100 euro ransom to unlock them, which the user must pay via PayPal. If the user had enabled two-step authentication they could re-gain control of the phone, otherwise they would be forced to pay the ransom. Full article from the Sydney Morning Herald: http://www.smh.com.au/digital-life/consumer-security/australian-apple-idevices-hijacked-held-to-ransom-20140527-zrpbj.html

  • by jones_supa (887896) on Tuesday May 27, 2014 @07:59AM (#47098653)
    The article font in the IBTimes website is really pleasing to read, because it has enough weight. Thin characters on many websites make my eyes bleed.
    • It's you (Score:2, Insightful)

      by ArchieBunker (132337)

      Looks fine from here. X11 and web browsers have had ugly fonts forever. Even today the default fonts still look like something CDE vomited up.

    • by AmiMoJo (196126) *

      On the other hand, fuck them for overriding my font choices. Some decorative font use is fine, but the bulk of the article should always be in "sans-serif" or "serif".

  • by wisnoskij (1206448) on Tuesday May 27, 2014 @08:03AM (#47098673) Homepage

    Wouldn't the FBI/other put a trace on the account and prevent the criminals from withdrawing without revealing themselves, within a day or two?

    It is not like the message is: "Leave 10,000 dollars under the bridge, and come alone or your data gets it."

    • Wouldn't the FBI/other put a trace on the account and prevent the criminals from withdrawing without revealing themselves, within a day or two?

      It is not like the message is: "Leave 10,000 dollars under the bridge, and come alone or your data gets it."

      That, and PayPal also says the account doesn't exist. Then again, just because they are smart enough to hack the Apple servers does';t mean they aren't stupid in other ways; or maybe are arrogant enough to feel they are untouchable?

      • by Sockatume (732728) on Tuesday May 27, 2014 @09:23AM (#47099173)

        Maybe this was a proof-of-concept hack and they didn't want to take the risks involved in setting up an actual Paypal account they could extract money from until they were sure it worked?

        • Maybe this was a proof-of-concept hack and they didn't want to take the risks involved in setting up an actual Paypal account they could extract money from until they were sure it worked?

          Possibly. Problem is now that they know it works how do they let people know where to pay; plus PayPal is unlikely to allow payment so they need to find another untraceable way to collect cash and notify their victims before Apple does a fix.

        • Maybe this was a proof-of-concept hack and they didn't want to take the risks involved in setting up an actual Paypal account they could extract money from until they were sure it worked?

          Sorry about two replies. This could all be a eats for some more involved attack beyond simple locks and they don't care about the locked devices or payment.

  • by hcs_$reboot (1536101) on Tuesday May 27, 2014 @08:25AM (#47098787)
    If you happen to tap your Apple ID / password in a subway, in a crowded place or under a surveillance camera, and someone can see it, your account is not blocked, it's hijacked... and you know nothing about it! Thanks to iCloud, where is my i* and the like, that someone may see your personal data, where you are at this very moment, and where you go usually etc... As long as he doesn't alter your data, you don't know. It's been a recurring problem with Apple IDs. Google gmail shows a list of recent activity with IP adresses, and warns immediately about suspicious activity, like a connection from a far/different IP. http://www.forbes.com/sites/adriankingsleyhughes/2012/08/04/the-dangerous-side-of-apples-icloud/ [forbes.com].
    • by Sockatume (732728) on Tuesday May 27, 2014 @09:21AM (#47099151)

      Apple do have two-factor authentication these days. If you have that enabled, anyone attempting to log on to your account has to have access to one of your devices or one of your fall-back accounts. Frankly, that should be turned on by default.

      My new rule of thumb is that anything I don't have protected by two-factor is something I can afford to lose access to. That's not to say that two-factor is a panacea - it's very easy to set it up so it's useless by, for example, giving a less-secure email address as a fall-back - but it's the minimum for anything I care about.

      • Until it becomes a hassle. Example, I just got a new phone last week and didn't have a chance to update my google authenticator app to the new device. It was a vacation so the computer stayed at home. I ordered tickets online at went to print at the hotel only to realize I couldn't access my gmail account to print. I was still able to goto Will Call to pick up the tickets, but it still meant waiting in line for 15 minutes, something we had hoped to skip by purchasing online.

  • If the phone is locked, on wonders how they contact the owner to tell them their locked phone is being held for ransom.
    • by thaylin (555395)
      By the email address tied to the account?
    • by Sockatume (732728)

      The same way they locked the phone: Find My iPhone lets you display a message on the device, along the lines of "Please return me to the front desk" or "Call me on *othernumber*".

      • That is a reasonable explanation. Kind of sad when we live in a society where phones can be kidnapped. I hope they don't start kidnapping my Taco Bell orders before I can get to the window.
  • I’ll be you my iCloud password, it’s a re-wrap of this:

    http://soylentnews.org/article... [soylentnews.org]

    If you can MitM a “consenting” user to unbrick a stolen phone, I can’t see any reason it doesn’t work the other way around.

    • by ruir (2709173)
      It is not that easy. For this variant to work, either an ISP operator has to be running an old/vulnerable DNS service, or the attacker has to poison the local network/DNS. The easiest way of all, is being in the same network as the victim, and even so, some newer infra-structure allows you to block intra-client talk, with pretty much invalidates this kind of protocol attacks. Nevertheless, this scheme works IF the victims have their host files in their Windows machines modified by some malware so much more
  • by Anonymous Coward

    Isn't Apple's "walled garden" itself a form of ransomware?

If I have seen farther than others, it is because I was standing on the shoulders of giants. -- Isaac Newton

Working...