iOS hack highlights the need for good password policy

It seems we can’t go a week without another site issuing a warning over compromised user passwords and potential data breaches. That certainly seemed to be the case when a large number of Australian users of Apple iOS devices — iPads and iPhones — reported that they’d been locked out of their devices entirely, with a message stating:

“Device hacked by Oleg Pliss. For unlock device YOU NEED send voucher code by 50 $/one of this (Moneypack/Ukash/PaySafeCash) to…”

The thing is, Apple stated that they had no evidence whatsoever of an attack, and at least at first, it appeared to only affect Australian users. If Apple’s internal account security were compromised, that’s more devices worldwide than the entire population of our own happy island, so you’d think that scammers would target everybody.

Instead, what seems most likely — because it’s not like scammers deliberately position themselves for interviews on the nightly news — is that the scammers got hold of passwords for other services and tried them, brute-force style, against existing Apple IDs. The location of the hacks suggests that it may have been a particularly local service that was compromised, although there have been very limited reports of the Oleg Pliss scam on other iPhones overseas since.

If you’re curious as to how this could happen, it relates to the functionality built into iOS devices that allows you to remotely lock them if they’re lost or stolen. That’s quite handy if it happens to you, because you can lock down the device, keeping your data safe while also displaying a message allowing anyone who found the device to return it. It also makes it more or less impossible for crooks to then sell the device on to anyone else.

Except, of course, when the very login that you use to activate that service is compromised. Again, the details aren’t clear, although if Apple is being evasive about the hack, that’s both very weird given its extreme locality and opens the company up to some serious legal claims. Presuming no obfuscation, what seems more likely is that users hit by the scam have been using the same login and password combination across multiple services.

For logins that’s often unavoidable, because many services want you to use your existing email address. If you’re particularly paranoid you could set up unique email addresses for each service you use, but most of us want that kind of information centralised.

For passwords, however, it’s just plain lazy, and as this hack demonstrates, an exceptionally bad idea. You’re not likely to get actual satisfaction out of whoever’s behind “Oleg Pliss” by sending them money, because like any blackmail scam, it just alerts them to the fact that you’re willing to pay.

Having a solid password strategy with unique passwords isn’t hard if you use password management software such as KeePass or 1Password, both of which will generate strong and unique passwords for you on demand. Equally, where services allow for two-factor authentication (and Apple’s services do), it provides another barrier to this kind of attack.
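To see how far one leaked password reaches, here is an added example (not from the original article) that audits a list of your own saved logins for reuse and shows which other accounts share credentials with a breached service. The three-column CSV layout, the sample rows and the function names are assumptions made for illustration; real password manager exports use their own column names.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export: service, login, password (not real accounts).
SAMPLE_EXPORT = """service,login,password
Apple ID,sam@example.com,Sunshine2014
Local forum,sam@example.com,Sunshine2014
Online store,sam@example.com,Sunshine2014
Bank,sam@example.com,kV9#tq2L!xRw8pZe
Webmail,sam.alt@example.com,Sunshine2014
"""

def _fingerprint(login, password):
    # Compare digests so the report never carries plaintext passwords.
    data = login.strip().lower().encode() + b"\x00" + password.encode()
    return hashlib.sha256(data).hexdigest()

def load_entries(text):
    """Parse the assumed service,login,password CSV into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def reuse_groups(entries):
    """Map each login/password pair used on more than one service to those services."""
    groups = defaultdict(list)
    for e in entries:
        groups[_fingerprint(e["login"], e["password"])].append(e["service"])
    return {fp: sorted(s) for fp, s in groups.items() if len(s) > 1}

def exposed_by_breach(entries, breached_service):
    """Other services that share a login/password pair with the breached one."""
    leaked = {_fingerprint(e["login"], e["password"])
              for e in entries if e["service"] == breached_service}
    return sorted(e["service"] for e in entries
                  if e["service"] != breached_service
                  and _fingerprint(e["login"], e["password"]) in leaked)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    for services in reuse_groups(entries).values():
        print("Same login and password on:", ", ".join(services))
    print("If 'Local forum' leaks:", exposed_by_breach(entries, "Local forum"))
```

Every service the second function lists needs a new, unique password; in the sample data the bank login is unaffected because its password is used nowhere else.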

If you’re reading this and you have been hit with the bug, it’s not actually insurmountable to get your device back up and running. If you synchronise your iOS device with iTunes on your computer, restoring from a backup of your device as per Apple’s instructions should get you back up and running. Also, obviously, change your passwords to unique combinations for each service pronto!

If an iTunes restore doesn’t work, you may be able to gain access to your device with a recovery mode reset. That’s a destructive reset that will wipe everything on the iPhone or iPad, so it’s really an option of last resort. As per Apple’s instructions, it involves:

  1. Turn off your device. If you can’t turn it off, press and hold the Sleep/Wake and Home buttons at the same time and wait a few seconds for it to turn off.
  2. Plug the device’s USB cable into your computer only.
  3. Hold down the device’s Home button as you connect the USB cable to it.
  4. When you see the Connect to iTunes screen, release the Home button. If you don’t see this screen, try steps 1 through 3 one more time.
    iTunes should open and display a message such as: “iTunes has detected an iPhone in recovery mode. You must restore this iPhone before it can be used with iTunes.”
  5. Use iTunes to restore your device.

A reminder again: That’s a DESTRUCTIVE reset that will give you access back to your device, so you should only use it as the option of last resort. Hopefully you won’t need to go that far if you have been unlucky enough to be hit by this particular scam.
