From the Telegraph comes this interesting story:
It appears that the hacker, who goes by the name Oleg Pliss, has managed to exploit the Find My iPhone feature which can track and remotely lock stolen devices.
Users have been told to send ransoms of between $50 and $100 Australian dollars (up to £55) to a PayPal account in order to have their devices unlocked.
Those affected have taken to Apple’s support forums to seek help. One user, veritylikestea from Melbourne, said: “I was using my iPad a short while ago when suddenly it locked itself.
While the actual method of exploitation is still unknown (several theories suggest phishing or brute-forcing weak passwords), it's clear that a number of users are being targeted by this new ransom scheme. This sort of attack is interesting in that criminals who take control of a customer's credentials usually attempt to use them to purchase digital goods or run some other scheme to make money; locking customers out of their devices and ransoming them back is an interesting, although not unprecedented, approach. What is really significant about this attack, though, is the logical next step: leveraging things such as APIs or services provided by Google, Apple, and the like to remotely lock or wipe devices for large-scale denial of service or disruption. One can only imagine the chaos a criminal could cause to, let's say, a financial company that equipped its employees with an enterprise-wide iPhone distribution.