Slashdot Mirror

← Back to Stories (view on slashdot.org)

Australian iPhone and iPad Users Waylaid By Ransomware

Posted by timothy on from the beware-the-jabberwock-my-son dept.

DavidGilbert99 (2607235) writes "Multiple iPhone/iPad/Mac users in Australia are reporting their devices being remotely locked and a ransom demand being made to get them unlocked again. However, unlike PC ransomware, the vector of attack here seems to be Apple's iCloud service with the attacker getting to a database of username/password credentials associated with the accounts. It is unclear if the database was one of Apple's or the hacker is simply using the fact that people reuse the same password for multiple accounts and is using data stolen from another source. Apple is yet to respond, but there has already been one report of the issue affecting a user in the UK."

5 of 52 comments (clear)

  1. How do they get the Money? by wisnoskij · · Score: 3, Insightful

    Wouldn't the FBI/other put a trace on the account and prevent the criminals from withdrawing without revealing themselves, within a day or two?

    It is not like the message is: "Leave 10,000 dollars under the bridge, and come alone or your data gets it."

    --
    Troll is not a replacement for I disagree.
  2. Re:My heart bleeds for them. by sribe · · Score: 5, Insightful

    Apple is built on older versions of OpenSSL - this looks like it might be because they weren't quick enough to adapt, and someone snuck in under the radar. Lets hope they get it sorted quickly!

    Apple deprecated the use of OpenSSL in 2011, and the version shipped with OS X was never updated to the versions which introduced Heartbleed. Strike 1!

    OpenSSL has never been used in iOS. Strike 2!

    Apple also was not using affected versions in any of its online/cloud services. Strike 3!

    You're out! Your post was ridiculously bad even by /. standards!

  3. Re:My heart bleeds for them. by Anonymous Coward · · Score: 1, Insightful

    And iOS Users in Australia are so much better off for it!

    Oh wait,,,.

  4. Re:My heart bleeds for them. by UnknowingFool · · Score: 3, Insightful

    How does this have to do with Apple using or not using OpenSSL? Right now the source of the attack is unknown but speculation is that people reuse their username (email) and passwords from other sites that have been compromised. So if someone has a list of yahoo credentials from heartbleed they might be able to take over someone's Apple account regardless if Apple used or did not use OpenSSL.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  5. It's you by ArchieBunker · · Score: 1, Insightful

    Looks fine from here. X11 and web browsers have had ugly fonts forever. Even today the default fonts still look like something CDE vomited up.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard