iOS hack highlights the need for good password policy

It seems we can’t go a week without another site issuing a warning over compromised user passwords and potential data breaches. That certainly seemed to be the case when a large number of users of Australian Apple iOS devices — iPads and iPhones — reported that they’d been locked out of their devices entirely, with a message stating:

“Device hacked by Oleg Pliss. For unlock device YOU NEED send voucher code by 50 $/one of this (Moneypack/Ukash/PaySafeCash) to…”

The thing is, Apple stated that they had no evidence whatsoever of an attack, and at least at first, it appeared to only affect Australian users. If Apple’s internal account security had been compromised, the attackers would have had access to more devices worldwide than the entire population of our own happy island, so you’d think that scammers would target everybody.

Instead, what seems most likely — because it’s not like scammers deliberately position themselves for interviews on the nightly news — is that the scammers got hold of passwords for other services and tried them, brute-force style, against existing Apple IDs. The location of the hacks suggests that it may have been a particularly local service that was compromised, although there have been very limited reports of the Oleg Pliss scam on other iPhones overseas since.

If you’re curious as to how this could happen, it relates to the functionality built into iOS devices that allows you to remotely lock them if they’re lost or stolen. That’s quite handy if it happens to you, because you can lock down the device, keeping your data safe while also displaying a message allowing anyone who found the device to return it. It also makes it more or less impossible for crooks to then sell it on to anyone else.

Except, of course, when the very login that you use to activate that service is compromised. Again, the details aren’t clear, although if Apple is being evasive about the hack, the attack is very weird in its extreme locality, and Apple is opening itself up to some serious legal claims. Presuming no obfuscation, what seems more likely is that users hit by the scam have been using the same login and password combination across multiple services.

For logins that’s often unavoidable, because many services want you to use your existing email address. If you’re particularly paranoid you could set up unique email addresses for each service you use, but most of us want that kind of information centralised.

For passwords, however, it’s just plain lazy, and as this hack demonstrates, an exceptionally bad idea. You’re not likely to get actual satisfaction out of whoever’s behind “Oleg Pliss” by sending them money, because like any blackmail scam, it just alerts them to the fact that you’re willing to pay.

Having a solid password strategy with unique passwords isn’t hard if you use password management software such as KeePass or 1Password, both of which will generate strong and unique passwords for you on demand. Equally, where services allow for two-factor authentication (and Apple’s services do), it provides another barrier to this kind of attack.
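The following Python script, an added example that is not part of the original article, audits a password-manager export for passwords shared across services and generates a unique replacement for each affected entry. The CSV column names and the sample accounts are assumptions constructed for illustration.

```python
import csv, hashlib, hmac, io, secrets, string
from collections import defaultdict

# Constructed sample standing in for a password-manager CSV export.
# The column names (service, login, password) are assumptions for this example.
SAMPLE_EXPORT = """service,login,password
apple-id,sam@example.com,Sunshine2014
forum.example,sam@example.com,Sunshine2014
shop.example,sam@example.com,sunshine2014
bank.example,sam@example.com,q7#Lr2!vTz9wPd
webmail.example,sam.alt@example.com,Sunshine2014
"""

def find_reuse(export_text):
    """Return groups of (service, login) entries that share one password."""
    key = secrets.token_bytes(32)  # per-run key: digests are useless after exit
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Group on a keyed digest so plaintext passwords are never stored or printed.
        digest = hmac.new(key, row["password"].encode("utf-8"), hashlib.sha256).digest()
        groups[digest].append((row["service"], row["login"]))
    return sorted((sorted(g) for g in groups.values() if len(g) > 1), key=len, reverse=True)

def new_password(length=20):
    """Generate a random password with at least one character from each class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*-_=+"]
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate

def rotation_plan(export_text):
    """Map every entry that shares a password to a fresh, unique replacement."""
    plan = {}
    for group in find_reuse(export_text):
        for entry in group:
            plan[entry] = new_password()
    return plan

if __name__ == "__main__":
    for group in find_reuse(SAMPLE_EXPORT):
        print("shared password:", ", ".join(f"{s} ({l})" for s, l in group))
    for (service, login), pw in rotation_plan(SAMPLE_EXPORT).items():
        print(f"rotate {service} ({login}) -> {pw}")
```

Only exact matches are grouped, so the `shop.example` entry, which differs by letter case alone, is not flagged even though it is nearly as weak a choice.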

If you’re reading this and you have been hit by this scam, it’s not actually insurmountable to get your device back up and running. If you synchronise your iOS device with iTunes on your computer, restoring from a backup of your device as per Apple’s instructions should get you back up and running. Also, obviously, change your passwords to unique combinations for each service pronto!

If an iTunes restore doesn’t work, you may be able to gain access to your device with a recovery mode reset. That’s a destructive reset — it’ll wipe everything on the iPhone or iPad, so it’s really an option of last resort — and, as per Apple’s instructions, it involves:

  1. Turn off your device. If you can’t turn it off, press and hold the Sleep/Wake and Home buttons at the same time and wait a few seconds for it to turn off.
  2. Plug the device’s USB cable into your computer only.
  3. Hold down the device’s Home button as you connect the USB cable to it.
  4. When you see the Connect to iTunes screen, release the Home button. If you don’t see this screen, try steps 1 through 3 one more time.
    iTunes should open and display a message such as: “iTunes has detected an iPhone in recovery mode. You must restore this iPhone before it can be used with iTunes.”
  5. Use iTunes to restore your device.

A reminder again: That’s a DESTRUCTIVE reset, so you should only use it as the option of last resort. It’ll give you access back to your device, but at the cost of everything stored on it. Hopefully you won’t need to go that far if you have been unlucky enough to be hit by this particular scam.

