Forgot your password?
typodupeerror
Australia Cloud Crime IOS Security IT

Australian iPhone and iPad Users Waylaid By Ransomware 52

Posted by timothy
from the beware-the-jabberwock-my-son dept.
DavidGilbert99 (2607235) writes "Multiple iPhone/iPad/Mac users in Australia are reporting their devices being remotely locked and a ransom demand being made to get them unlocked again. However, unlike PC ransomware, the vector of attack here seems to be Apple's iCloud service with the attacker getting to a database of username/password credentials associated with the accounts. It is unclear if the database was one of Apple's or the hacker is simply using the fact that people reuse the same password for multiple accounts and is using data stolen from another source. Apple is yet to respond, but there has already been one report of the issue affecting a user in the UK."
This discussion has been archived. No new comments can be posted.

Australian iPhone and iPad Users Waylaid By Ransomware

Comments Filter:
  • by Anonymous Coward on Tuesday May 27, 2014 @07:57AM (#47098637)

    Is anybody else getting this, or is it discussed elsewhere? When I try to login via Chrome I get a screen with "The site's security certificate has expired!", and a similar message w/ Mozilla (26.0). This is on Windows 7 (hey, my work machine). IIRC I've been getting this since the end of last week, and nothing in my setup has changed.

  • by Anonymous Coward on Tuesday May 27, 2014 @08:06AM (#47098695)

    Where do you get such misinformation? Apple deprecated the use of OpenSSL [appleinsider.com] when it deprecated CDSA back in 2011 for OS X in favor of Common Crypto. At the time there was some mumblings about how Apple didn't like standards. And Apple has never used OpenSSL in iOS.

    . . . although OS X provides OpenSSL libraries, the OpenSSL libraries in OS X are deprecated, and OpenSSL has never been provided as part of iOS.

  • Re:MITM attack (Score:5, Informative)

    by Anonymous Coward on Tuesday May 27, 2014 @08:16AM (#47098743)

    It's not a MITM atack, but rather the hackers are exploiting a vulnerability in iCloud. Then, using the "Find Device" option they block the phone and demand a 100 euro ransom to unlock them, which the user must pay via PayPal. If the user had enabled two-step authentication they could re-gain control of the phone, otherwise they would be forced to pay the ransom. Full article from the Sydney Morning Herald: http://www.smh.com.au/digital-life/consumer-security/australian-apple-idevices-hijacked-held-to-ransom-20140527-zrpbj.html

Lo! Men have become the tool of their tools. -- Henry David Thoreau

Working...