Australian Apple smartphones hacked and held to ransom
Cyberattackers demand payment for unlocking smartphones targeted through anti-theft feature
Reuters in Sydney and San Francisco
Multiple users on Apple's online support forum and Twitter have reported an unusual smartphone and tablet hack in which cyberattackers were said to have locked Australian users' smartphones and demanded payment in return for unlocking them.
The alleged cyberattackers, first reported by The Sydney Morning Herald, appeared to use Apple's "Find My Phone" feature to lock the devices' screens and send a message demanding money be sent to a PayPal account, according to multiple users. The anti-theft feature is supposed to lock phones that are reported lost.
Apple, in response to inquiries about the hacking, confirmed there had been an incident. The technology giant said it "takes security very seriously and iCloud was not compromised during this incident".
It recommended affected users change their passwords as soon as possible and avoid using the same username and password for multiple services.
An Apple spokeswoman in Sydney said Apple did not have any details on how widespread the incident was or whether it was contained to Australia.
Multiple users requested information on Apple's support forum about how to reset their phones or otherwise circumvent the lock, while other users also tweeted their concerns.
"I went to check my phone and there was a message on the screen saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded US$100," said "veritylikestea", a user from Melbourne, on an Apple discussion board.
Other users replied that they had received the same message.
Telstra, Australia's largest telecoms provider, said it was aware of the issue, while Vodafone Hutchison Australia said it was advising worried customers to contact Apple.
Reuters could not immediately verify the identity of the users or the accuracy of their claims.
"Oleg Pliss" is the name of a well known San Francisco-area software engineer for the Oracle company. However, there is no suggestion the real Pliss is involved in the hacking in any way.