Your new iPhone XS is still at risk
Later today, Apple will host their annual September launch event in which they are expected to announce three new iPhones: the iPhone XS, iPhone XS Max and iPhone XC. This follows the iPhone X generation released in 2017. Apple are also due to unveil the Apple Watch 4 and the latest update to their operating system, iOS 12. It is this development that is arguably the most interesting announcement due to come out of the launch even. Apple are likely to attempt to remedy several pain points users had with previous updates in order to improve customer feedback and compete with Google’s latest OS developments.
These latest announcements will offer users a number of new and updated features. However, one area that is noticeably lacking is security. We often assume Apple products are immune to cyber threats. However, threats like phishing involve a human element. The reality is that any skilled cyber spy can hack an iPhone.
One of the main developments from iOS 12 is its faster performance on all devices. Beta tests have shown significant improvements in speed, particularly on older devices. This suggests that Apple are hoping to dispel the idea that it intentionally slows down keyboard typing and other routine features on existing models to correspond with its latest updates.
Another key area that the new iOS will focus on is helping users to monitor, review, and manage how much time they spend using their devices by introducing a Screen Time feature and expanding current Do Not Disturb functions. Developments in Apple’s FaceID technology will see updated customizable Animojis and Memojis with the ability to react to facial movements. Advancements in AR will allow users to measure and detect the dimensions of objects via their devices.
Apple will also introduce updated features to Siri, Apple News, Voice memos, Stocks and CarPlay. Group FaceTime, with up to 32 people, will also become available. However, this feature is thought to have been delayed until later this year. iOS 12 will be made available free of charge to Apple customers a week after the launch event today. It will be compatible with iPhone 5s and newer devices, iPad Air, iPad mini and iPod touch. This is the broadest support for a software update that Apple has ever offered and one of their biggest advantages over Android.
Even with all of these new features and updates, iPhones and iOS devices will still be vulnerable to cyber attacks. Phishing in particular poses a real threat to smartphone users. Mobile devices are becoming popular targets for phishing attacks. They are typically connected outside traditional firewalls, lack endpoint security controls, access a variety of messaging platforms and hold a huge amount of personal and corporate data. Traditionally, email-based phishing attacks were considered the main threat to internet users. While this is still a significant issue, most people are now up to speed on these risks. Many organizations have email policies and secure gateways in place to minimize the danger.
This knowledge and protection from threats does not always translate to mobile-based risks. Employees know to be suspicious of links and attachments in email. However, there is considerably less thought given to channels such as SMS, Skype, WhatsApp and social media. Phishing attacks can be personalized and targeted. This is where users become vulnerable.
LinkedIn has become a popular platform for phishing attacks in recent years, likely taking advantage of the assumption that all members are professionals, looking to make connections and build contacts. Once connected on the site, hackers with false accounts gain access to users’ email addresses. They can then send spam or lure the user into downloading malware onto their device. Due to of the professional nature of LinkedIn, people are likely to accept requests from anyone. With access to personal details on the user’s profile, hackers can personalize communications and build trust.
Another common hoax involves creating a fake account for someone in a highly regarded position of a well-known company. Numerous LinkedIn users have also reported receiving emails claiming to be from the company themselves. The message warns user that LinkedIn will deactivate their account unless they follow a link and accept an updated “Services Agreement and Privacy” policy. This link however, brings the users to a phishing site designed to steal the user’s login details.
LinkedIn have asked for reports of fake accounts as they try to identify and deactivate offenders. LinkedIn warned members not to accept connection requests from users they do not know.
Another trend gaining popularity in recent years is SMS phishing. This technique involves sending a text message, claiming to be from a legitimate source and convincing the user to follow a link to a fake account login page. Hackers use these pages to capture data such as login credentials, personal information and banking details. By posing as a trusted brand or website, the user lets their guard down.
Cyber criminals use this method of phishing to gather both personal and corporate information. Due to the smaller screen size of smartphones, it is difficult to determine the source and legitimacy of websites. This is also due to the lack of filtering or protection available for SMS, like that available for email.
Protection for iPhones
As well as LinkedIn and SMS, phishing attacks are becoming common for mobile devices via WhatsApp and social media platforms Twitter and Instagram. Social engineering is key to executing phishing attacks. Hackers seem to have recognised that users are often less vigilant and lack external protection when using mobile. Even with all of their cutting edge features, iPhones are lacking in comprehensive protection from phishing and social engineering-based attacks.
As more and more employees begin to use mobile devices to access sensitive company data, external protection is essential. Corrata understands this. We provide a mobile threat solution for Apple and Android devices. Our solution detects and blocks access to any malicious or phishing sites, no matter the origin of the link or how the user accesses it.
So, when upgrading to Apple’s latest offering, consider what might be the most important accessory for your new iPhone: security.
To find out more, visit www.corrata.com or email us at firstname.lastname@example.org.