Russian authorities have put into custody two suspects for hijacking iPhones and iPads. The hackers reportedly locked the Apple devices and then demanded payment to unlock the affected gadgets.
The suspects, who are facing a sentence of two years in prison if convicted, were arrested by Directorate K, which is the cybercrime department of Russia's Ministry of Internal Affairs.
The two hackers, one 23 years old and the other 17 years old, are residents of Moscow's southern administrative district, and have confessed to the crimes by surrendering self-incriminating evidence, as per the ministry. The authorities were able to seize computer equipment, mobile phones, SIM cards and books on the topic of hacking from the apartment of the suspects.
The ministry, however, did not reveal the number of people that the pair have victimized or if the attacks were only done within Russia. Similar attacks were carried out in Australia, with hackers leaving users out of their Apple devices.
The hackers used an exploit on Apple's Find My iPhone app. The app, which enables users to determine the location and lock their Apple devices which may have been stolen or lost, was manipulated by the suspects to carry out their extortion crimes.
The ministry said that the suspects used two methods to hack into the Apple devices.
"The first involved gaining access to the victim's Apple ID by means of the creation of phishing pages, (gaining) unauthorized access to e-mail or using methods of social engineering," the ministry said.
"The second scheme was aimed at attaching other people's devices to a pre-arranged account," which the hackers were able to do through an offer of Apple IDs with media content for lease online.
Apple said that the company's iCloud services were not affected by the hack. Users that receive notifications that their devices have been locked can take back control by inputting the correct passwords and modifying their Apple information. Users that do not use passwords, on the other hand, can gain assistance from Apple stores.
In addition, Apple warned its users of using one password over several accounts, as one compromised account will prompt the hacker to try accessing several other websites and services with the hacked password.
A report by Russian daily newspaper MK revealed that the search for the hackers was spurred by footage from a surveillance camera that shows the suspects withdrawing money from ATMs using cards that linked to the bank accounts where they instructed their victims to deposit the money that they were asking for.