Tag Archives: iOS

(Anti-)Social Media – news updates June 6th 2018

The Register: ‘Tesco probably knows more about me than GCHQ’: Infosec boffins on surveillance capitalism – “Cambridge Uni powwow broods on Facebook, Wannacry” There seem to have been a lot of good points made there. I’m rather sorry I didn’t get to it, but it’s a long way from my part of the world…

Surveillance by cookie isn’t, of course, confined to social media. Perhaps more people have become aware of them recently with the pitter-patter of GDPR-inspired pop-ups on sites noting that they use them, and on occasion requiring visitors to agree to their being used if they’re to continue using the site. What could go wrong? Here’s an interesting, mildly techie paper from Digital Interruption: Are Your Cookies Telling Your Fortune? – An analysis of weak cookie secrets and OSINT. OSINT, by the way, is Open-Source Intelligence, information gathered from publicly available sources.

Sophos: Facebook faces furious shareholders at annual meeting – “Another investor, Will Lana of Trillium Asset Management, said that his firm has been keeping track of the scandals in which Facebook is embroiled. It’s tallied “at least 15 distinct controversies,” he said, as he spoke in favor of a proposal to change the board’s approach to risk management”. [But don’t worry:  Zuckerberg and the Board of Directors managed to ’emerge from the meeting unscathed’. Well, you can worry if you like…]

Thomas Claburn for The Register: Facebook insists device data door differs from dodgy dev data deal – “Facebook on Sunday said an arrangement that gave some 60 mobile device makers access to data about device users’ Facebook friends is not at all like the deal it made with app developers that gave rise to the Cambridge Analytica scandal.” Oh, good…

Given the number of Facebook denizens who are interested in genealogy and heredity, this seems a suitable place to mention a Brian Krebs article: Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage

Catalin Cimpanu for Bleeping Computer: Washington State Sues Facebook and Google Over Election Ads – “Washington State Attorney General Bob Ferguson filed two lawsuits on Monday against Facebook and Google on the grounds of breaking local campaign finance laws.”

Here are a couple of items I’ve also posted to the Mac Virus site, and which are also relevant to the anti-social media page. I haven’t paid much attention to news-recycling sites (apart from The Register, maybe)  in recent years, but these two ZDNet reports actually mildly impressed me.

Adrian Kingsley-Hughes for ZDNet: Your iPhone is tracking your movements and storing your favorite locations all the time. He says: “Now, you may be like me and not care about this data being collected, and might even find it a useful record of where you’ve been over the previous weeks and months. But if you’re uncomfortable for any reason with this data being collected, then Apple offers several ways you can take control over it.” Even if you don’t mind these data being collected by your operating system, you also have to think about the apps that may be accessing it at second hand.

Kind of weirdly, Larry Dignan (also for ZDNet) tells us that Apple, Google have similar phone addiction approaches with iOS, Android. Well, it’s always nice (if unexpected) when Big Business displays a sense of civic responsibility. However, Dignan is probably right when he remarks: “The research is just starting to be compiled on smartphone addiction and what happens when your life is overloaded by apps and notifications. Think of the digital health push from Apple and Google as a way to provide talking points before screen time becomes a Congressional hearing someday.”

David Harley

Advertisements

June 1st AVIEN resources updates

Updates to (Anti)Social Media

Tomáš Foltýn for ESET: More curious, less cautious: Protecting kids online – “How we can help protect a generation for which digital is the way of the world?”

Updates to Cryptocurrency/Crypto-mining News and Resources

Trend Micro: Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner

Updates to GDPR page

For Tech Beacon, Richi Jennings curates some blog-y thoughts on GDPR and what comes next from the EU: Think GDPR was a disaster? EU’s ePrivacy Regulation is worse

Milena Dimitrova for Security Boulevard: GDPR Is Affecting the Way WHOIS Works, Security Researchers Worry – as indeed it is, and indeed they should…

Graham Cluley: An advert against online privacy “NO, YOU CAN TAKE ANYTHING… JUST DON’T TAKE MY APPS!” – “The advertising industry … has its knickers in a twist so tightly about European privacy regulations that it made videos like this to try to sway public opinion”

For Help Net, Arcserve’s Oussama El-Hilali discusses The emergence and impact of the Data Protection Officer. Not a bad article, but extraordinarily US-centric in its assertion that “… one of the lesser known mandates of the regulation is the creation of a completely new role: The Data Protection Officer (DPO).” That role, if not necessarily that job title, has long been known in Europe and the UK as a direct result of the Data Protection Directive 95/46/EC, which it supersedes and the UK’s Data Protection Act(s).

Sophos:  European Commission “doesn’t plan to comply with GDPR” – well, sort of

Updates to Meltdown/Spectre and other chip-related resources

The Register: Arm emits Cortex-A76 – its first 64-bit-only CPU core (in kernel mode) – “Apps, 32 or 64-bit, will continue to run just fine as design biz looks to ditch baggage … Linux and Android, Windows, and other operating systems built for this latest Cortex-A family member are being positioned, or are already positioned, to work within this 64-bit-only zone.”

Also from The Register: Spectre-protectors: If there’s something strange in your CPU, who you gonna call? “Ghostbusters in Chrome 67 stop Spectre cross-tab sniffs and more … Enhanced Spectre-protectors will soon come to the Chrome browser … and upgrades for Windows, Mac and Linux have started to flow.”

Updates to Internet of (not necessarily necessary) Things

Dearbytes: Smartwatches disclosing children’s location

The Register: OMG, that’s downright Wicked: Botnet authors twist corpse of Mirai into new threats – “Infamous IoT menace lives on in its hellspawn”. Summarizes Netscout’s research – OMG – Mirai Minions are Wicked – “In this blog post we’ll delve into four Mirai variants; Satori, JenX, OMG and Wicked, in which the authors have built upon Mirai and added their own flair.”

Updates to Specific Ransomware Families and Types

Bleeping Computer: New Backup Cryptomix Ransomware Variant Actively Infecting Users

Updates to Mac Virus

John Gruber for Daring Fireball: 10 Strikes and You’re Out – the iOS Feature You’re Probably Not Using But Should. The feature he’s referring to is the passcode option “Erase all data on this iPhone after 10 failed passcode attempts”. I don’t have an iPhone, so haven’t really looked into the feature, but it certainly seems that it’s a more useful, less daunting option than you might think.

Paul Ducklin for Sophos: Apple’s iOS 11.4 security update arrives in an iCloud of silence – “We updated to iOS 11.4, because that’s our habit – but Apple still isn’t saying what was fixed yet. How we wish Apple wouldn’t do that!”

Updates to Chain Mail Check

Tomáš Foltýn for ESET: World Cup scams: how to avoid an own goal – “Whether travelling to enjoy the matches in person, or watching from home, fans should be on the lookout for foul play” (I always enjoy Tomáš’s wordplay.)

Snopes: Is Starbucks Installing ‘Shatter-Proof Windows’? – “An image circulating online falsely promised “free coffee for a year” to anyone who could damage the company’s new windows.” Put away that bazooka…

David Harley

AVIEN resource updates 31st March 2018

Updates to Anti-Social Media

 (HT to Mich Kabay for pointing out the Economist articles – NB there’s a limit on how many you can view without subscribing.)

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

Updates to Mac Virus

(1) iOS

(2) Android

Updates to Anti-Malware Testing Blog

David Harley

Resource updates 28th March 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Meltdown/Spectre – Related Resources

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Mac Virus

iOS

Android

Updates to Chain Mail Check

Pop-up Support Scams and iOS

[My colleague Josep Albors, knowing of my interest in support scams, recently contacted me about the spate of support scam alert messages reported by some users of iOS devices, the idea being to persuade the victim to ring a scammer ‘helpline’ by making them believe that they’re talking to a legitimate helpdesk about a real problem. Here’s a summary of the Spanish-language blog he wrote following our conversation. This article will be added shortly to the tech support scam information resources on this blog.]

Telephone scams that masquerade as support services have been with us for years. In fact, our colleague at ESET, David Harley, is an expert on the subject and has spoken at length on the topic in the blog WeLiveSecurity .

Over the years, criminals have honed their techniques, trying to increase the number of victims drawn into this deception. Today we will discuss one of the most recent cases of support scams, mainly targeting users of iPhone and iPad devices.

ALERT

This time the criminals have changed their approach and are no longer cold-calling their victims passing themselves off as support service staff trying to help victims solve non-existent problems on their computers (at a price, of course). In this instance, they are looking for users to call them after seeing some troubling ‘alerts’ on their devices intended to make them think that something is wrong with their system.

In the last week or two several users (mainly in the US and UK) have reported seeing an alert window in the Safari browser on their iPhones and iPads. Our colleague David Harley addressed this specific issue in his blog about threats to Mac and IOS .

Victims see a screen popup that indicates that the system has crashed because of a third party application and advises them to call a phone number for an immediate solution.

The peculiarity of this popup is that, however much you press the OK button, the message will still appear in your browser, even if you close it and return to open.

Fortunately, it’s possible restart the browser and close the tab before it is loaded (or take a more drastic measure by deleting all browser history) so as to remove this annoying message. The purpose of the scammers is to make victims believe that there really is a problem so that they will make the phone call, whereby the scammers will ask for money in order to solve the non-existent problem.

Here’s the format of a typical message of this type:

[URL of scam site]
Due to a 3rd party application in your phone,
iOS is crashed Contact Support
for Immediate Fix.
[US toll-free number]
[OK]

Other variants claim that clicking OK will send a bug report to Apple and state explicitly that the ‘support line’ number is Apple’s.

DETECTION OF THIS THREAT

It is easy to fall into such traps where the default browser (Safari in this case) does not react to this kind of deception and does not block malicious sites as some other browsers do.

If you try to access a malicious web site with Chrome or Firefox from a desktop computer, you will see a warning that you have been targeted by a phishing attack and access to the malicious web page will be blocked.

Some security solutions will also detect this website as a potential phishing threat if you access it from your browser on a desktop system, or indeed on an Android device.

CONCLUSIONS

David Harley comments:

There are a couple of interesting aspects of this variation on the support scam: one is that it’s a further indication of a trend away from cold-calling and towards luring potential victims into calling the scammer. In the past it’s also been done by seeding social media sites with testimonials, or fake support sites using scraped content and dubious generic advice, as Martijn Grooten and I discussed in a blog some years ago.

There have also been many reports recently of tech support services advertised in the US where calling gets you into a conversation with someone using very similar, misleading sales techniques as those we associate with the classic cold callers from Indian call centres: see, for instance, http://www.welivesecurity.com/2015/06/03/confessions-support-scammer/ Tellingly, one of the ‘confessions’ I quoted there made the point that:

Basically we had “marketers” who would put pop ups on people computers saying that they may be infected with a virus and giving them a number to call.

The advantage of seeding the internet with fake pop-ups is that the technique has the potential to work across almost any platform, depending on how secure the browser technology is. (For instance, similar attacks have been reported on OS X/Safari very recently.)

The third interesting point – though it actually follows on from the second – is that when people call you to describe their problems, you don’t have to invent over-used gambits like the Windows-specific CLSID and Event Viewer tricks to convince them that they have a problem. So again, it’s platform non-specific.

It seems clear that criminals continue to incorporate new techniques to ensnare new victims. As far as telephone scams specific to fake support are concerned, the claims we see are more-or-less complete fiction, but we will watch with interest to see what further innovations they come up with.

Josep Albors

iOS support scams – added to resources page

Added to the PC ‘Tech Support’ Cold-Call Scam Resources page today….

Here’s an extract from another Mac Virus article – iOS Support Scams – on tech support scams, this time targeting iOS users:

A new blog by Graham Cluley for Intego actually has some points in common with my most recent blog here (which also involved pop-ups misused by support scammers, particularly in the context of Safari). However, Graham’s article is about iOS, whereas mine related to questions asked regarding OS X and Safari (citing advice from Thomas Reed that also addressed other browsers).

David Harley