Later today, Apple will host their annual September launch event, at which they are expected to announce three new iPhones: the iPhone XS, iPhone XS Max and iPhone XC, following on from the iPhone X generation released in 2017. As well as this, Apple are expected to unveil the Apple Watch 4 and the latest update to their operating system, iOS 12. It is this development that is arguably the most interesting announcement due to come out of the launch event, as Apple are likely to attempt to remedy several pain points users had with previous updates in order to improve customer feedback and compete with Google’s latest OS developments. These latest announcements will offer users a number of new and updated features; however, one area that is noticeably lacking is security. Apple products are often considered impenetrable when it comes to cyber threats, and in many cases they are capable of avoiding attacks. However, there are some threats, often involving a human element, such as phishing, that iPhones are still vulnerable to, and these need to be addressed, especially in a business environment.
One of the main developments expected from iOS 12 is its faster performance on all devices. Beta tests have shown significant improvements in speed, particularly on older devices, which suggests Apple are hoping to dispel the idea that they intentionally slow down keyboard typing and other routine features on existing models to correspond with their latest updates. Another key area that the new iOS will focus on is helping users to monitor, review, and manage how much time they actually spend using their devices by introducing a Screen Time feature and expanding current Do Not Disturb functions. Developments in Apple’s FaceID technology will see updated customizable Animojis and Memojis with the ability to react to facial movements, while advancements in AR will allow users to measure and detect the dimensions of objects via their devices. Apple will also introduce updated features to Siri, Apple News, Voice memos, Stocks and CarPlay, while Group FaceTime with up to 32 people will also become available, although this feature is thought to have been delayed until later this year. iOS 12 will be made available free of charge to Apple customers about a week after the launch event today and will be compatible with iPhone 5s and newer devices, iPad Air, iPad mini and iPod Touch. This is the broadest support for a software update that Apple has ever offered and one of their biggest advantages over Android.
Even with all of these new features and software updates, iPhones and iOS devices will still be vulnerable to cyber attacks. Phishing in particular poses a real threat to iPhone users, as it involves human interaction and can often be mistaken for legitimate communication. Mobile devices are becoming popular targets for phishing attacks as they are typically connected outside traditional firewalls, lack endpoint security controls, access a variety of messaging platforms and hold a huge amount of personal and corporate data. Traditionally, email-based phishing attacks were considered the main threat to internet users, and while this is still a significant issue, most people are now educated on these risks and many organizations have email policies and secure gateways in place to minimize the danger. However, this knowledge and protection from threats does not always translate to mobile-based risks. While employees have been taught to be suspicious of links and attachments in email, there is considerably less thought given to channels such as SMS, Skype, WhatsApp and social media, where phishing attacks can be personalized and targeted, and this is where iPhone users, and users of all devices, become vulnerable.
LinkedIn has become a popular platform for phishing attacks in recent years, likely taking advantage of the assumption that all members are professionals, looking to make connections and build contacts. Once connected on the site, hackers with false accounts gain access to users’ email addresses and can then send spam or lure the user into downloading malware onto their device. Due to the professional nature of LinkedIn, people are likely to accept requests from anyone, unlike on Facebook or email, and with access to personal details on the user’s profile, hackers can personalize communications and build trust. Another common hoax involves creating a fake account for someone in a highly regarded position at a well-known company in order to build credibility and trust among professionals in that industry. Numerous LinkedIn users have also reported receiving emails claiming to be from the website with warnings that their account will be deactivated unless they follow a link and accept an updated “Services Agreement and Privacy” policy. This link, however, brings users to a phishing site designed to steal the user’s login details, to be used for further scams and identity theft. LinkedIn have asked for reports of fake accounts as they try to identify and deactivate offenders, while members have been warned not to accept connection requests from users they do not know or that have not been recommended by a trusted contact.
Another trend gaining popularity in recent years is SMS phishing, a technique that involves sending a text message claiming to be from a legitimate source and convincing the user to follow a link to a fake account login page. Such pages can then be used to capture data such as login credentials, personal information and banking details simply by posing as a trusted brand or website and asking the user to input the data themselves. This method of phishing has been used to gather both personal and corporate information. It is often successful because the smaller screens of mobile devices make it difficult to determine the true source and legitimacy of websites, and because SMS lacks the filtering or protection available for email.
Protection for iPhones
As well as LinkedIn and SMS, phishing attacks are becoming common on mobile devices via WhatsApp and the social media platforms Twitter and Instagram. Social engineering, appearing trustworthy and persuading users to follow malicious links, is key to executing phishing attacks, and hackers seem to have recognised that users are often less vigilant and lack external protection when using mobile. Even with all of their cutting-edge features and updates, iPhones are lacking in comprehensive protection from phishing and social engineering-based attacks, and users are still vulnerable. As more and more employees begin to use mobile devices to access sensitive company data, external protection is essential. Corrata understands this and provides a mobile threat solution for Apple and Android devices to detect and block access to any malicious or phishing sites, no matter where the link originated or how the user accesses it.
So following today’s announcements and when upgrading to Apple’s latest offering, consider what might be the most important accessory for your new iPhone: security.
To find out about how Corrata’s solution could help protect your organization from phishing attacks and other security threats visit www.corrata.com or email us at firstname.lastname@example.org.