The Russian police recently said they arrested two hackers supposedly responsible for “hijacking” Apple products via Find My iPhone, locking owners out until they pay a ransom to regain access. According to a statement from Directorate K, the Russian Interior Ministry’s cybercrime arm, the alleged hackers could potentially face up to two years in jail if found guilty of perpetrating the hijackings according to Re/code.
Directorate K wouldn’t disclose how many Apple product owners had been hit by the attacks and also declined to comment on whether the victims were nationals or foreigners. Since the hackers went through Apple’s iCloud, they could potentially have hit targets anywhere in the world. The ministry believes the attackers used Find My iPhone to break into users’ devices and lock them remotely. Instead of using brute force or password reuse, the department said the pair of alleged hackers relied on two main scams. According to the ministry:
The first involved gaining access to the victim's Apple ID by means of the creation of phishing pages, (gaining) unauthorized access to email or using methods of social engineering. The second scheme was aimed at attaching other people's devices to a prearranged account.
Although the statement failed to recognize a series of recent attacks outside of Russia, the arrested hackers’ tactics are identical to those used to break into iPhones, iPads and Macs in Australia, New Zealand, the US and Canada. At the time, multiple users reported being locked out of their Apple devices through Find My iPhone’s remote lock feature. A message sent to many devices read, “Device hacked by Oleg Pliss,” and directed owners to pay up to $100 to a Russia-based PayPal account for a device unlock. For its part, Apple released a statement days after the hijacks were first reported stating that iCloud wasn’t compromised in the scam.