Hackers demanding ransoms by locking iOS devices through Find My iPhone

A number of iOS owners in Australia have lost access to their devices courtesy of a digital hack, according to The Age. The first incident appeared on an Apple support forum on Monday and was soon followed by dozens more. Owners of the iPhones(s aapl) and iPads are finding that their devices are locked and will only be unlocked if they send money to a specific PayPal(s ebay) account. While the original issue was constrained to Australia, a U.S. iOS device owner claimed to be hacked in the same manner on Tuesday.

can't find my iphone

The hack appears related to Apple’s Find My iPhone app, which assists in finding a lost device. It’s not clear if the hacked devices are locked due to an exploit in the app or because the hackers have access to certain iCloud or Apple accounts. The devices can be unlocked through a factory restore process reports one forum poster who worked through this process with Apple support:

“Turn off your phone. Plug your cable into the computer and have itunes up (do not plug into the phone yet). Press and hold the home key on your off phone (I did mine for about 10 seconds). If nothing happens, plug in the cable into your phone (keep holding the home key). What you want to see come up is the picture of itunes and cable on the front of the phone. Your itunes should then recognise the phone as an unidentified phone. Select restore factory settings (it should down load some software) ~15 mins and automatically install

The phone should go through some of the standard reset screens (usually black screen with apple icon and loading bar). You will be prompted to restore the phone…. do this from itunes not the phone. Throughout this process you must not let the phone or computer go into sleep mode…. and don’t disconnect.”

We’ve reached out to Apple for comment and will report back with any response. Given the recent rash of online account theft of late — think eBay just five days ago — my suspicion is that this issue may be related as some people still use the same account credentials for multiple services. One of the affected forum posters in fact noted that he did use the same ID and password for both eBay and Apple’s iCloud service.