
iOS hack highlights the need for good password policy

It seems we can’t go a week without another site issuing a warning over compromised user passwords and potential data breaches. That certainly seemed to be the case when a large number of Australian users of Apple iOS devices (iPads and iPhones) reported that they’d been locked out of their devices entirely, with a message stating:

“Device hacked by Oleg Pliss. For unlock device YOU NEED send voucher code by 50 $/one of this (Moneypack/Ukash/PaySafeCash) to…”

The thing is, Apple stated that they had no evidence whatsoever of an attack, and at least at first, it appeared to only affect Australian users. If Apple’s internal account security were compromised, that’s more devices worldwide than the entire population of our own happy island, so you’d think that scammers would target everybody.

Instead, what seems most likely (because it’s not like scammers deliberately position themselves for interviews on the nightly news) is that the scammers got hold of passwords for other services and tried them, brute-force style, against existing Apple IDs. The location of the hacks suggests that it may have been a particularly local service that was compromised, although there have been very limited reports of the Oleg Pliss scam on other iPhones overseas since.

If you’re curious as to how this could happen, it relates to the functionality built into iOS devices that allows you to remotely lock them if they’re lost or stolen. That’s quite handy if it happens to you, because you can lock down the device, keeping your data safe while also displaying a message allowing anyone who found the device to return it. It also makes it more or less impossible for crooks to then sell it on to anyone else.

Except, of course, when the very login that you use to activate that service is compromised. Again, the details aren’t clear, although if Apple is being evasive about the hack, the attack is very weird in its extreme locality, and Apple is opening itself up to some serious legal claims. Presuming no obfuscation, what seems more likely is that users hit by the scam have been using the same login and password combination across multiple services.

For logins that’s often unavoidable, because many services want you to use your existing email address. If you’re particularly paranoid you could set up unique email addresses for each service you use, but most of us want that kind of information centralised.

For passwords, however, it’s just plain lazy, and as this hack demonstrates, an exceptionally bad idea. You’re not likely to get actual satisfaction out of whoever’s behind “Oleg Pliss” by sending them money, because like any blackmail scam, it just alerts them to the fact that you’re willing to pay.

Having a solid password strategy with unique passwords isn’t hard if you use password management software such as KeePass or 1Password, both of which will generate strong and unique passwords for you on demand. Equally, where services allow for two-factor authentication (and Apple’s services do), it provides another barrier to this kind of attack.

If you’re reading this and you have been hit with the bug, it’s not actually insurmountable to get your device back up and running. If you synchronise your iOS device with iTunes on your computer, restoring from a backup of your device as per Apple’s instructions should get you back up and running. Also, obviously, change your passwords to unique combinations for each service pronto!

If an iTunes restore doesn’t work, you may be able to gain access to your device with a recovery mode reset. That’s a destructive reset that will wipe everything on the iPhone or iPad, so it’s really an option of last resort. As per Apple’s instructions, it involves:

  1. Turn off your device. If you can’t turn it off, press and hold the Sleep/Wake and Home buttons at the same time and wait a few seconds for it to turn off.
  2. Plug the device’s USB cable into your computer only.
  3. Hold down the device’s Home button as you connect the USB cable to it.
  4. When you see the Connect to iTunes screen, release the Home button. If you don’t see this screen, try steps 1 through 3 one more time.
    iTunes should open and display a message such as: “iTunes has detected an iPhone in recovery mode. You must restore this iPhone before it can be used with iTunes.”
  5. Use iTunes to restore your device.

A reminder again: That’s a DESTRUCTIVE reset, so you should only use it as the option of last resort; it’ll give you access back to your device, but at the cost of wiping it. Hopefully you won’t need to go that far if you have been unlucky enough to be hit by this particular scam.

