Tag Archives: iPhone

Avast SecureMe protects iPhones when connected to Wi-Fi

Avast SecureMe for iPhone

Your iPhone data may require a court order for the FBI to look into the contents, but if you log onto an unsecure Wi-Fi hotspot without protection, any old snoop can eavesdrop on what you’re doing.

That’s right, while you’re busily messaging, shopping, banking, and uploading a photo of your lunch to Instagram, a hacker with a little know-how can easily read your messages, steal your logins, passwords and credit card details.

How can hackers steal my data?

Even if you are connected to a recognizable Wi-Fi network, your device has no way of distinguishing a securely encrypted public Wi-Fi from one that is not.

Unsecured routers are susceptible to DNS hijacking, by which cybercriminals redirect web traffic to fake Internet sites. When users log in, for example, to a banking site, thieves can capture the login credentials. On unprotected Wi-Fi networks, thieves can also easily see emails, browsing history, and personal data if you do not use a secure or encrypted connection like a virtual private network (VPN).

Avast SecureMe solves the problem of unsecure Wi-Fi

Avast SecureMe is a free app for iPhones and iPads which protects you while connected to Wi-Fi.

Apple jailbroken phones hit with malware

Chinese jailbroken iPhone users targeted

Chinese jailbroken iPhone users targeted

“Biggest iPhone hack ever” attacks jailbroken phones

In what has been called the biggest iPhone hack ever, 250,000 Apple accounts were hijacked. That’s the bad news.

The good news is that most Apple device users are safe. Why? Because the malware dubbed KeyRaider by researchers at Palo Alto Networks, only infects “jailbroken” iOS devices. (there’s that bad news again)

When you jailbreak a device like an iPhone or iPad, it unlocks the device so you can do more with it like customize the look and ringtones, install apps the Apple normally would not allow, and even switch carriers!

The KeyRaider malware entered the jailbroken iPhones and iPads via Cydia, a compatible but unauthorized app store, which allows people to download apps that  didn’t meet Apple’s content guidelines onto their devices. The malware intercepts iTunes traffic on the device to steal data like Apple passwords, usernames, and device GUID (“Globally Unique Identifier” which is your ID number similar to your car’s VIN). Users reported that hackers used their stolen Apple accounts to download applications from the official App Store and make in-app purchases without paying. At least one incident of ransomware was reported.

Chinese iPhone users with jailbroken phones where the primary attack target, but researchers also found incidents in 17 other countries including the United States, France, and Russia.

Other potential risks associated with the hack

  • Taking control of the device through iCloud and stealing private data like contact lists, photos, emails, and iMessage logs. This is reminiscent of the celebrity iCloud hack where compromising photos were leaked.
  • Apple account usernames can be sold to spammers which could then use it for premium SMS.
  • Unscrupulous developers can use the stolen data to raise their app installation count which results in a better position in the App Store rankings. Since the victims reported abnormal downloading activity in their App Store, this is quite likely.

The best way to protect yourself from KeyRaider and similar malware is to keep your iPhone or iPad the way it was intended, that means never jailbreaking your device.

The researchers who discovered this malware offer a service on their website to query whether your Apple account was stolen.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

How iOS users can stay protected against iScam threat

iScam displays a "crash report" to affected users. (Photo via Daily Mail)

iScam displays a “crash report” to affected users. (Photo via Daily Mail)

It’s a common belief (and myth) that Apple products are invincible against malware. This false line of thinking has recently again been refuted, as iPhone and iPad users have been encountering a ransomware threat that freezes their Internet browsers, rendering their devices unusable. The ploy, commonly known as iScam, urges victims to call a number and pay $80 as a ransom to fix their device. When users visit an infected page while browsing using the Safari application, a message is displayed saying that the device’s iOS has crashed “due to a third party application” in their phone. The users are then directed to contact customer support to fix the issue.

How to clean your system if you’ve been infected by iScam

  • Turn on Anti-phishing. This can be done by visiting Settings > Safari and turn on ‘Fraudulent Website Warning’. When turned on, Safari’s Anti-phishing feature will notify you if you visit a suspected phishing site.
  • Block cookies. For iOS 8 users, tap Settings > Safari > Block Cookies and choose Always Allow, Allow from websites I visit, Allow from Current Websites Only, or Always Block. In iOS 7 or earlier, choose Never, From third parties and advertisers, or Always.
  • Allow JavaScript. Tap Settings > Safari > Advanced and turn JavaScript on.
  • Clear your history and cookies from Safari. In iOS 8, tap Settings > Safari > Clear History and Website Data. In iOS 7 or earlier, tap Clear History and tap Clear Cookies and Data. To clear other stored information from Safari, tap Settings > Safari > Advanced > Website Data > Remove All Website Data.

Check out Apple’s support forum for additional tips on how to keep your device safe while using Safari.

Widespread iScam ransomware originates from US servers

iPhone and iPad users who turn on Avast SecureLine VPN while on unsecured Wi-Fi are protected from iScam.

It’s a common belief (and myth) that Apple products are invincible against malware. This false line of thinking has recently again been refuted, as iPhone and iPad users have been encountering a ransomware threat that freezes their Internet browsers, rendering their devices unusable. The ploy, commonly known as iScam, urges victims to call a number and pay $80 as a ransom to fix their device. When users visit an infected page while browsing using the Safari application, a message is displayed saying that the device’s iOS has crashed “due to a third party application” in their phone. The users are then directed to contact customer support to fix the issue.

iScam displays a "crash report" to affected users. (Photo via Daily Mail)

iScam displays a “crash report” to affected users. (Photo via Daily Mail)

In the midst of this vexing threat, Avast’s suite of security applications identifies URLs which contain malicious content. When discovered, these addresses are flagged for malware and then stored in our blacklist database.

While scanning for malicious URLs, we discovered that many of the servers related to iScam are located in the United States. While iScam has affected users located in both the U.S. and U.K., the origins of the threat have remained fairly nebulous up until this point. Here are a few examples of where we’ve discovered malicious servers in the U.S.:

  • Scottsdale, Arizona (system-logs.info)
  • Concord, North Carolina (pcassists.info)
  • Kirkland, Washington (Adbirdie.com)
  • Chicago, Illinois (pcsafe.us)
  • Los Angeles, California (clevervc.com)

Every cloud has a silver lining – in this case, you can celebrate the fact that you’re protected from iScam using Avast SecureLine VPN. Not only does Avast SecureLine VPN protect you while browsing on unprotected Wi-Fi networks, but it also scans websites to check for malicious content and keep you from becoming affected by them. Once Avast SecureLine VPN is installed onto your iPhone or iPad, it automatically notifies you of the risks of connecting to unsecured Wi-Fi and you have the option of connecting to the secure VPN. Once turned on, Avast SecureLine VPN creates a private ‘tunnel’ for your data to travel through, and all your activities done over the Internet – inbound and outbound through the tunnel — are encrypted. If a website is infected with iScam, Avast SecureLine VPN blocks it, so users will not encounter the scam. For your best protection, Avast SecureLine VPN is available to download in iTunes.

How to clean your system if you’ve been infected by iScam

  • Turn on Anti-phishing. This can be done by visiting Settings > Safari and turn on ‘Fraudulent Website Warning’. When turned on, Safari’s Anti-phishing feature will notify you if you visit a suspected phishing site.
  • Block cookies. For iOS 8 users, tap Settings > Safari > Block Cookies and choose Always Allow, Allow from websites I visit, Allow from Current Websites Only, or Always Block. In iOS 7 or earlier, choose Never, From third parties and advertisers, or Always.
  • Allow JavaScript. Tap Settings > Safari > Advanced and turn JavaScript on.
  • Clear your history and cookies from Safari. In iOS 8, tap Settings > Safari > Clear History and Website Data. In iOS 7 or earlier, tap Clear History and tap Clear Cookies and Data. To clear other stored information from Safari, tap Settings > Safari > Advanced > Website Data > Remove All Website Data.

Check out Apple’s support forum for additional tips on how to keep your device safe while using Safari.

Need help fixing the iOS text message bug causing iPhone crashing/reboot?

iphone

Something as simple as an SMS has threaten Apple and its iPhones. A security flaw has been found in Cupertino’s Smartphone, it is one of those text messages which gives the user a nasty surprise: when you receive it, your iPhone reboots.

The SMS that causes the device’s failure is not an ordinary text message. Therefore, it is virtually impossible that users receive this SMS by accident. The bug is a text string with symbols and Arabic characters in a specific sequence, which causes iMessage to collapse and the iPhone to reboot.

Just like you have seen in the video, it is not necessary that the user access the messaging application. As soon as you receive it, the device reboots. If that wasn’t enough, once the iPhone is back on, it is not possible to access the messaging application to eliminate the malicious conversation: it is blocked.

In addition, the SMS has not only highlighted the existence of a vulnerability in iPhones, but it also caused iPads, Macs and even the brand-new Apple Watch to crash too.

The company has already announced that they are aware of the vulnerability and that they will solve it through a future iOS update.

sms iphone

Are we still in danger?

Meanwhile, the controversial SMS continues to cause chaos on Apple devices. Putting an end to its effects is not easy, but fortunately, there are some fixes available to re-open the Messages app:

  • Ask the person who sent you the malicious SMS to send you another text message so the conversation continues, cancelling the effects of the first. Once received a second message, the user can access the conversation list and eliminate it.
  • Ask Siri. This is the solution proposed by Apple, but this time you will be the one paying for the SMS as you will be the one sending it. After receiving the damn message and seeing how the device reboots, the user could ask Siri to “read unread messages”. Siri won’t be able to read the SMS and will ask you if you want to reply. In that moment, you will be able to dictate a message to Siri, so the last strand of the conversation is not the one that causes the system’s failure. This way you will be able to access the conversations lists and delete the thread.
  • Send a picture via the Photos app, which will allow you to access the message history and then delete the conversation, at last.

All this taking into account that the character strand that causes the failure in the system is not a usual message. If you receive it, it is because your prankster friend or someone else wants to give you a hard time. So, until Apple launches the next iOS update we will need these tricks to fix this problem.

The post Need help fixing the iOS text message bug causing iPhone crashing/reboot? appeared first on MediaCenter Panda Security.