New iPhone Attack Warning—Do Not Reply To This Message

A new iPhone warning has been issued after a loophole was found that disables Apple’s phishing protection on its messaging service iMessage.

As well as offering frequent security patches to iPhone users, Apple offers protection from phishing, a form of cyberattack that sees people targeted with emails or texts from adversaries intending to steal their details.

Phishing — or smishing if it’s performed over SMS — often sees attackers encouraging iPhone users to click on a link, which takes them to a page set up by adversaries to steal login details or to encourage them to download malware onto their device.

Knowing this, Apple disables links sent over iMessage when they come from an unknown sender. However, an increasing number of attacks are using this iPhone protection as a weakness, according to a report on U.K. tech site Bleeping Computer.

Adversaries are sending fake alerts, such as delivery updates, that encourage users to reply to the iMessage first. Replying marks the sender as safe and enables a link that Apple would otherwise have disabled. For example, an iPhone user may be asked to reply yes (Y) or no (N) to accept a delivery.

People are used to doing this when responding to appointments, which means many are replying to these iMessages and enabling the link, Bleeping Computer reports.

It’s a simple trick, but the consequences could be devastating. The iPhone user could then click on the link and end up handing over private details to attackers. This could allow access to valuable data, including logins to email or even banking services, resulting in real financial losses.

I have asked Apple to comment on this attack and will update this article if the iPhone maker responds.

New iPhone Attack — How To Protect Yourself

Jake Moore, global cybersecurity advisor at ESET, calls the new iPhone phishing trick “a simple security bypass.”

But you can protect yourself from this iPhone attack and others like it by following a few simple steps.

Always avoid replying to messages from unknown contacts as this could disable iMessage’s built-in protection and expose you to phishing attempts, says Moore. “Always verify the legitimacy of any message whether it be iMessage or within any platform before taking any action, especially if they request sensitive information,” he advises.

If you do receive an email or text and you’re not sure about its legitimacy, go to the website or app and log in there, rather than clicking links in messages.

Apple’s phishing protection is there for a reason, but sometimes the iPhone maker can’t completely protect people from attacks. It’s down to you to be vigilant, looking out for the signs that the iMessage or email might not be what it seems.