What to do when iPhone is successfully phished

  • My girlfriend watched "some" pages on her iPhone and a facebook.you-won.com page appeared. She didn't know how to get rid of that JavaScript alert, so she clicked OK. After that she closed the page and sent me the link with the message "what is that".

    I also clicked the link she sent. In Safari I found out that it is some phishing page, so I closed it by restarting Safari on my iPhone, and before the page loaded I quickly opened "panels" and left-swiped to close that page (all before the page loaded and that JavaScript alert appeared).

    Because I think it's a phishing attack that is trying to steal your ID, I have 2 questions:

    1. What can I do with HER iPhone (is restore enough to get rid of everything that could be downloaded? When she clicked OK?)

    2. What can I do with MY iPhone? (I restored and recovered the last backup from last week - this "page" appeared today; is it enough that I didn't click OK?).

      • I have my work "exchange" account on the iPhone, do I have to worry?

      • I have apps that are linked to my credit account (apps from my bank), do I have to worry?

      • I have credit card information saved in the App Store, do I have to worry?

    She has nothing on her phone, just Facebook and some free games, so she is without problems I guess when I recover her iPhone.

    Anyway none of those devices are jailbroken. Both iPhones have their original and newest iOS.

    I wouldn't worry about it. Apple put so many restrictions on the user himself, let alone the malware, which would have to exploit the browser, bypass the sandboxing, perform some kind of privilege escalation and reboot the device.

  • From the scenario you describe, she rather has been a victim of a drive-by download attack, which in most cases leads to installing adware or spyware, but this attack can be even more dangerous depending on the malware that has been installed.

    This attack uses the browser vulnerabilities or the browser's plugins vulnerabilities using mainly malicious obfuscated JavaScript code.

    The attack can be triggered passively by a simple visit to a given webpage, as happened for example in 2011 to Amnesty International's homepage, where a lot of visitors got infected by simply reading articles on their homepage.

    In another scenario, the attack needs the visitor to be active (which is the case you describe here): the visitor sees pop-up windows where a simple click on the OK, Cancel or even Exit (X) button will trigger the attack.

  • The iPhone in its unjailbroken state is a highly secure platform, arguably one of the most secure. For the most part, you can’t get a drive-by download on iOS as easily as on a desktop due to the extremely good sandboxing it utilizes. Ironically, this strong sandbox model is what makes apps sharing data with each other (a perk Android users have enjoyed for some time now) so difficult to implement on iOS.

    There are no antivirus products that you can install from the App Store that will actually scan your whole system. Thanks to the strong sandboxing this is impossible to implement. The most that these programs can do is scan things in your various user folders like documents and your camera roll.

    As an iOS user myself, I wouldn’t worry about accidentally visiting a phishing site. As long as no user info was manually provided, everything is fine.

    And while jailbreaking can make your device more unstable and less secure, properly educating yourself can do wonders to close the vulnerability gap. Not only are my own jailbroken devices more secure than normal iOS devices (thanks to security related plugins), but I even enjoy many features that Apple would rather you not have, such as ad blocking, alternative default browsers and default Google Maps. Plus nested app folders, animated GIFs in the camera roll and countless other features.

    **WHERE** did you read that *You can’t get a drive-by download on iOS due to the extremely good sandboxing it utilizes*??? HERE IS ONE of so many drive-by download attacks that happened on iOS. By the way, such attacks target the vulnerabilities of browsers and their plugins, not the OS by purpose. Also, speaking about **strong sandboxing**: do you know that the Firefox browser you are probably using right now (as well as Chrome, Opera ...) **is also strongly sandboxed**?

    Ah, yes. A flaw that was never found *in the wild*, for an extremely outdated version of iOS (from 2012… iOS 5, AFAIR). Any chance you could point out a non-experimental, actually-found-in-the-wild exploit? Yeah, thought so.

    iOS 5 or 6 are not extremely outdated, but this is not the problem: **drive-by download attacks target vulnerabilities of BROWSERS and their plugins, not the OS**

    So you are nitpicking about a version of iOS that less than 2/100 people with Apple devices still make use of? Try focusing on real-world exploits for current systems, bub. Or to use a metaphor, don’t be bringing up Roman infantry tactics in a discussion of modern military strategies. Do try to remain relevant by staying current.

    Have you read my comment? I said drive-by download attacks target **BROWSERS** (and their plugins), **NOT operating systems!!!**

    Yeah, browsers that get patched with every new iOS point-version that gets released. Your point is…? That butt-arse ancient exploit isn’t going to work on iOS 7 Safari, much less iOS 8 Safari. If you’re going to fear-monger, do try to use an example that is currently “in the wild” and able to affect more than just extreme edge cases.

    Excuse me. Good luck

    The fact that iOS devices do not need antivirus is a myth. Also, jailbreaking your iPhone makes it more susceptible to malware, not less.

    Really? Then why are there no antivirus products in the App Store? Sure, you have all the big names: McAfee, Norton, Trend Micro, F-Secure. But guess what -- *none of these products actually scan your system*. They are all website scanners (utilizing online resources to “grade” websites as safe or not) and password vaults and content vaults and other features. *None of them actually do anything that can be thought of as a traditional antivirus or anti-malware product*.

    And as for Jailbreaking -- my system is safer than any stock iPhone. There are plugins and mods that actually make iOS *more safe* than default. Case in point: Protect My Privacy. This tool (just one of many that I use) allows me to grant or deny access to other parts of my system (device name, location, advertising identifier, etc.) on a permanent or case-by-case basis. Something that iOS uses a sledgehammer-or-nothing approach on. It can even alert me to a change in an app’s behaviour, something that iOS cannot do at all.

    -1 for the ignorance. Every time they have the mobile pwn2own, iPhone gets the drive-by Safari treatment, with "sandbox escape" cream on top of it. Plus every other mobile platform out there (maybe bar Blackberry, but who cares about that?). A few months ago iOS was affected by a stupid Unicode SMS bug, causing iPhone reboots. I'm pretty sure VUPEN and Co have some goodies in the bag for it, which we're pretty lucky the bad guys don't have (hopefully).

  • First of all, this was some sort of malware, not phishing. Phishing is successful only when you enter your credentials thinking you're on a legitimate site.

    Go to the Apple Store and install an antivirus for both of your iPhones. (Unfortunately I can't give suggestions here. Avast is the best-rated AV for Android devices; I don't know what is worth for iOS, but you could give it a try. F-Secure is a good one too.)

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM