Apple iPhone users are notorious for their slight indulgence towards those who prefer alternative platforms. Android is constantly under attack by malware and Trojans, they say, while iOS is immune to threats. Is it really that secure as Apple fans see it?
The answer is: no, it isn’t. In this article we will discuss several types of attacks which are as bad for the iPhones as they are for other devices.
Phishing attacks target ‘what’s between a chair and a keyboard,’ meaning the users themselves. Phishers typically prey on human carelessness or a lack of overall awareness of security issues.
It might seem as if the attributes of a phishing attack are known to everyone. But lest we forget that newbies join Internet day by day in great numbers, and they are not necessarily aware of the tricks that cybercriminals try to play on them. On the other hand, cybercriminals do not sit idle; they invent new tricks every day.
If there is slightest doubt that the website you are on is not legitimate (for instance, the questions asked by your online banking tool are different from those you are used to), don’t push your luck and contact the support team right away. Better safe than sorry, otherwise you are running a high chance of battling for your hard-earned money later.
Means of protection: Read through our recommendations on how to identify fake web pages. A great deal of help might come from the Kaspersky Safe Browser for iOS, which is specifically designed to spot phishing websites.
— Kaspersky Lab (@kaspersky) November 13, 2015
There is another method of attacking your device regardless of its platform — via Wi-Fi. Internet has become ubiquitous, however, public wireless networks might pose a real danger to users.
Any attempt to access world wide web through a suspicious hotspot can result in compromised passwords and loss of personal data. Be careful and watch your back, no matter what smartphone you use.
Means of protection: If you decided, nevertheless, to use a public Wi-Fi hotspot, follow these simple rules: avoid unprotected hotspots, use secure channel (HTTPS) and disable automatic connection to Wi-Fi in your iPhone settings.
A sad fact: the time when the iPhone was almost free from the risk of malware, are long gone.
Most often, malware targets jailbroken devices (devices which provide system-level access in order to unlock more functions). The most common reason for a user to jailbreak their phone is to run pirated or illegitimate apps and overcome certain limitations imposed by iOS.
Weaker security is the downside of these additional opportunities, and it’s no wonder: when you make a ‘hole’ in a ‘fence’ built by Apple developers, don’t be surprised when something suspicious sneaks in.
But even if you don’t jailbreak your device, iPhone cannot be totally secure. Even very rigid control from Apple App Store experts does not always keep malicious apps from finding ways into your device. Hackers can find alternative methods to compromise it.
— Kaspersky Lab (@kaspersky) March 16, 2016
There was a real case when adversaries managed to compromise dozens of third-party apps using a malicious Xcode SDK. The infected SDK was distributed in the Chinese sector of the Internet and was quite popular: people behind the ‘Great Chinese Firewall’ found it too challenging to download a heavy file from Apple’s official website.
Another example: once hackers persuaded users into downloading free apps from App Store, without a jailbreak. Simultaneously, the culprits installed malicious applications , and stole Apple IDs from the compromised devices.
— Kaspersky Lab (@kaspersky) March 31, 2016
It’s obvious that, like in case of other platforms, malware targeting iPhone is frequently bundled with digital piracy. Just think twice before you decide to take advantage of something ‘entirely free.’
Means of protection: We recommend that you do not jailbreak your devices. When the firmware is compromised, there is a fair chance you’ll become a target for cybercriminals. On the other hand, when it comes to the update routine, don’t hesitate to install them: official updates are designed to make your device more secure.
Apple ID hijacking
In the Apple world, you cannot get anywhere without an Apple ID. It is a single pass to your user profile, iCloud service, and the company’s online marketplace. Apple ID means access to many domains of your digital life, so no wonder adversaries frequently target Apple IDs.
There are different ways to hijack Apple ID: via a malicious app on the smartphone, via phishing and also by compromising a computer that is used to access iCloud and other Apple services.
— Kaspersky Lab (@kaspersky) April 21, 2014
To protect your Apple ID from criminals, use two-factor authentication. Once it’s enabled, all attempts to access Apple service would require a one-time password which would be sent to a trusted device. This would significantly lower the chances of an outsider using a leaked or stolen password.
Another thing that we need to mention is that you should not share an Apple ID with multiple people. While this is not uncommon with close friends or relatives, a shared account creates more opportunities to be compromised. Friendship is sacred, but passwords and accounts should be used separately.
Means of protection: enable two-factor authentication for Apple ID, if you have not done so yet.
Finally, some tips for those who wish to be confident about their device security:
- Enable the ‘Find My Phone’ feature: it provides a chance to find a lost or stolen smartphone. Even if you are not able to bring your device back, at least you can lock it or wipe your personal data.
- Use a strong password to unlock your phone: make sure you create it using numbers, letters and special characters. The latest iPhone models employ a fingerprint scanner called Touch ID to authenticate a user.