No Device is Infallible – Apple Hastily Submits iPhone Update After Ransomware Panic

March 30th, 2017 - Category - IT Security, Security

Apple has recently issued an iOS upgrade after a spate of incidents where iPhones appeared to have been “locked” by ransomware.

Some users had reported the browser becoming locked with a pop-up that could not be removed, accusing the user of accessing illegal pornography or pirating music – and threatening further action unless a ransom was paid.

Some users did pay the ransom, however the phones were not actually locked. Clearing the browser’s cache was enough to solve the problem. 

iphone ransomware.jpg

No Device is Immune, those made by Apple are Vulnerable Too

As is the case with Apple’s Mac OSX operating system, there is a false belief amongst users that Apple devices, including iPhones, are immune to viruses and malware.

This unfortunately common belief has led to many Mac users believing their devices are immune to malware and viruses, therefore not bothering to purchase antivirus software. This compounds the problem as it makes Mac users more enticing targets due to their non-existent defences.

Macs are not restricted by this – and cyber criminals routinely infect the devices with malware specifically coded to target them. Macs can’t get the same viruses that PCs do, but it’s no more difficult to write a virus designed for Macs than it is to write one for Windows. 

The iPhone’s “Walled Garden” isn’t 100% Effective at Stopping Cyber Criminals

The false belief that an Apple device is automatically secure is perhaps worse amongst iPhone users, due to the knowledge that the iOS sytem is a “walled garden”. This means that only apps signed off by Apple can run within it – but it doesn’t mean apps are automatically safe.

As the only place to get applications for your iPhone is through the official App Store (you can’t download them from any website or app, or transfer through USB like you can with Android), it is less likely that you will get malware. This just means that malware on iPhones is an exception and not a rule. Cyber criminals are adept at finding ways past barriers.

In 2013, researchers at Georgia Tech managed to submit a malicious applicaiton to Apple’s app store which could post tweets, make calls and send emails without the permission of the user.

Even if You Don’t Download Anything, Your iPhone Can Still be a Security Risk

Don’t ever assume you’re safe because you’re using an iPhone. Even if the app you’re using is safe, trusted, and signed off by Apple – it can still contain vulnerabilities – and these vulnerabilities can be exploited.

Over 70 iPhone apps were discovered to contain vulnerabilities that would allow a “man in the middle attack”. This is essentially where an individual can position himself between your device and your internet connection, and intercept data that passes back and forth. This means that apps trusted by Apple and millions of users could potentially pass data (e.g. email addresses, passwords, device location data, and any information you enter or store in the app) to a cyber criminal.

Don’t be Complacent

The main takeaway from this is that no matter what device you use, you are vulnerable, and you can be successfully targeted by cyber criminals.

Download our cyber security guide for plain english tips on how to protect yourself:

 

Get Your Free Cyber Security Guide Here

Leave a comment

Receive productivity and business posts via email

Netstar IT Support

83 Clerkenwell Road
Clerkenwell
London
EC1R 5AR