Ransomware — Pirates want your phone

Jon Reid newsroom@thewesternstar.com
Published on June 3, 2014

Ransomware. Even the term lends itself to images of nefarious lurkers in the shadows, waiting for the ideal moment to snatch something you love and force you to pay dearly for its return.

Of course it’s also software, so in this case they are holding your data for ransom. More specifically, the data on your smartphone.

On May 27, some iPhone, Mac and iPad users in Australia and the UK suddenly found themselves locked out of their devices. A popup message stated, “Device hacked by Oleg Pliss.” Clicking the message informs the user they need to pay US$100 via PayPal to unlock the device. By Wednesday the issue started popping up in the US.

What makes this ransomware especially ironic? It appears that the hackers gained access to the Apple devices through an official Apple security app that’s free to download called Find my iPhone. One of the key features, Lost Mode, lets the user lock their phone, flagging it as lost or stolen. The device then requires a passcode to unlock. The makers of the ransomware leveraged this feature to remotely lock a series of phones.

You have to wonder if a follow up ransom demand will be forthcoming threatening the other Find My iPhone feature, Erase, deleting all content and settings.

Unfortunately, if you’re a victim of this ransomware the best option will likely end up wiping your phone anyway. Employees of the Apple store recommended to CBS that anyone affected should bring their phones in to be unlocked. Well, unlocked is a kind term, wiped and factory reset is more accurate.


Due to stolen passwords

How did this security feature turn into an attack vector for data kidnappers? Apple’s official release states its Internet backup and information sharing service, iCloud, is secure and the attacks are entirely due to stolen passwords.

Some say the recent massive password breach at eBay is a likely culprit. Why? Because, despite a never ending stream of warnings, most of us still use the same password or two across multiple online services. A single breach in any of the services you use can give hackers access to others. Especially if they can access your email.

Once there it’s just a matter of searching by keyword to see what other services you have, look up the account names, and even if you’ve used a different password, send a password reset request to the email they are already accessing.

Don’t get the idea that only iPhones are vulnerable to ransomware either. Android and Windows users have had their share as well.

Most recently, there have been reports that a version of the Koler ransomware is popping up on Android phones.

Koler uses a slightly different approach. Rather than simply denying you access to your phone, it implies that you have illegal content on your phone and that authorities will open a criminal case against you unless you pay a fine.

The difference here is that the Koler ransomware requires you to be tricked into downloading it first. The iPhone ransomware scam can happen without any malware, someone just needs access to your iCloud password.


Ducking responsibility

Still, it feels like Apple is just ducking responsibility here. Password breaches are a fact of life, becoming more and more common.

And online services are becoming less of a convenience and more of a necessity. Isn’t it time that extra measures were put in place to help protect people that are clearly unable, and in some case just unwilling, to protect themselves?

Even something as simple as a PIN number that isn’t stored on iCloud. If you aren’t 100 per cent certain that your Apple passwords are secure (admit it, you aren’t) then disable the Find My iPhone feature immediately. It’s just not worth the risk.

For the record, I’ll give you the talk that you’ve heard a million times once more. Back up all of your devices early and often. Make those passwords as secure as possible and use different passwords everywhere.


Jon Reid is an IT professional working in Corner Brook. His column appears every other Tuesday in The Western Star.