iPhone Archives – Gridinsoft Blog

How to Stop Spam Texts?

Stephanie Adlam — Sun, 21 Jul 2024 12:59:44 +0000

The spam texts can include spam emails and spam calls. These are all unwanted and often annoying text messages whose sender you don’t know. The purpose of such spam is to deceive the user and get his confidential information or draw you into the phishing attempt. These statements are received from a computer programmed to send to an unspecified list of users automatically. Let’s take a look at the tip to stop getting a ton of spam texts, tricks and do’s and don’ts for blocking unwanted texts.

In addition to having an unpleasant motive, these messages can extend malware to your device. According to the Federal Trade Commission, such spam texts are illegal, as the ultimate goal is either to steal or to violate the integrity of the user’s privacy. But for a problem such as spam to not violate your privacy, we will provide you with a guide on using the proper actions and how to block text messages.

While using the Internet, it is impossible to do without annoying forwarding of letters over the network. How to legally retaliate for email spam?

What to do if you receive a spam texts?

1. Don’t reply directly to any spam texts.

Answering a spam message is not just a bad mistake; it is also a sign for an attacker that your account is active, and you can send even more messages of this type. So the least you can do when you see a message that does not concern you is don’t answer it, and that’s it.

2. Do treat your personal information like it’s cash.

Spam texts are designed to cheat out confidential information from you. The last item includes your financial information, statement of how much you earn, social security number, whether you have credits, your passwords, and more. In future, you should know that most legitimate organizations or companies will not ask you to submit such information. Especially if they won’t do it through a simple text message; if you question this type of message, contact the organization from which it is as if you have received the letter and find out exactly whether you need to show such information.

3. Don’t click on any links in the spam Texts.

Often, the content of a spam message will permanently be attached to a link or form to fill in your data. The first and most important thing you need to know is that you shouldn’t click on these links. Because basically, they are malicious. After you click on such links, you can distribute malware to your device. Malware can damage your phone, slow its operation and occupy the entire memory of your device, steal personal data, including photos and videos that are on the phone. It can also lead you to write off money from your operator’s account without your knowledge and others.

More and more phones are being attacked by viruses. How to check if you have viruses on your phone.

4. Do review your cell phone bill regularly.

Don’t forget to check your account on your cell phone. If you find any unnecessary write-offs without your knowledge, then call the phone company and find out why they did this.

5. Check your phone’s settings.

You may have third-party features on your device that will allow you to block the source of unwanted calls and text messages.

For Android phones, click on the three dots in the upper right corner of spam texts. Next, click on this and select “People” and “Options”. Then select “lock”. After that, you will not receive spam text messages from this number.
For iPhones, in the top corner of spam messages, click on “i”. Then click on the number and select “Lock”.

Banning the spam on iOS

Ban the spam on Android

6. Do place a cell phone number on the National Do Not Call Registry.

If you don’t know how to get rid of annoying messages from unknown sources, follow the following advice. Add your phone number to the Federal Trade Commission’s National No Calls Registry, and it will eliminate a vast number of spam calls. Then if you receive a call within 31 days after the number has already been added to the registry – you can contact the FTC.

7. Do check to see if your carrier offers a call-blocking service.

Some third-party services and applications can block phone numbers. You should check all messages received from third-party sources. Send this type of message to 7726 and check if it is spam. Your operator may investigate and take action against the start of this message. Your message to this number is free of charge.

How to protect?

Agree that it is very unpleasant when annoying ads, viruses or other malicious programs regularly appear on a broken smartphone? Try the free Trojan Scanner for Android smartphones, which uses patented scanning technology with daily database updates to help ensure the best virus detection rate on your Android smartphone. Just install and run it, because it does not slow down the system and does not drain the phone’s battery.

The post How to Stop Spam Texts? appeared first on Gridinsoft Blog.

Scam Likely Calls: How to block them?

Stephanie Adlam — Wed, 03 Jul 2024 12:39:36 +0000

Have you ever glanced at your phone and seen the caller ID flash “Scam Likely”? Understanding what this alert means, why it appears, and how you can stop these calls is essential for protecting yourself from potential fraud. Here’s everything you need to know about the “Scam Likely” feature.

What Does “Scam Likely” Mean?

Scam Likely Calls

For customers of T-Mobile, Metro by T-Mobile (formerly MetroPCS), and Sprint (post-T-Mobile merger), “Scam Likely” is an alert that identifies potential spam callers. This feature is a part of T-Mobile’s “Scam Shield” protection, designed to block fraudulent calls before they reach you. This proactive measure is automatically enabled for all subscribers, ensuring you don’t have to tweak settings to benefit from it.

T-Mobile utilizes a comprehensive database of known scam numbers and automatically screens incoming calls against this list. Calls flagged as “Scam Likely” could involve various scam tactics, such as:

Impersonating government officials
Demanding payments via gift cards
Proposing fake tech support solutions
Initiating disruptive robocalls

This identification is managed at the network level, so regardless of whether you use an iPhone, Android, or a basic button phone, you’ll see the “Scam Likely” alert. There’s no need for any additional apps, although the free T-Mobile Scam Shield app is available for those who want extra control over these features.

While the “Scam Likely” system is robust, no system is perfect. There may be instances where legitimate calls are mistakenly labeled as scam. It’s advisable to approach these calls with caution. If you choose to answer, protect your personal information vigilantly. If the call feels suspicious or the caller pressures you, it’s safe to hang up. Genuine callers will likely leave a voicemail if it’s important.

How to Block Scam Calls

Although your carrier may alert you about “Scam Likely” calls, these calls aren’t blocked by default. If you find yourself inundated with unwanted calls, T-Mobile offers a free Scam Blocker feature. Here’s how to activate it:

Open your phone’s dialer app.
Enter the code #662# and make the call to activate the blocking.
To confirm activation, dial #787#.

To deactivate the feature, simply dial #632#.

How to Spot Scam Calls?

Most operators have similar services to combat fraudulent calls. This is due to the STIR/SHAKEN, a set of protocols that allows carriers to fight caller ID spoofing. Thanks to these standards, the operator can display a “Call Verified” message on your phone. This way, he confirms that it has not been spoofed. This feature is now becoming available on more and more devices and carriers as they all work to reduce spam calls.

So, if you’re an AT&T customer, you can download their official software. It’s available for iPhone or Android and contains free spam and fraud blocking features as well as advanced protection that’s available by subscription. And if you use Verizon, a free call filtering service is available as well. To manage this feature, you can also install the Verizon Call Filter app, available for iPhone or for Android. Like AT&T, Verizon also offers a paid subscription to improve this. Other carriers likely provide similar services as well. For more information, visit the store, log in to your account management page, or contact your carrier’s customer service number.

How to Block Calls?

Suppose you are annoyed by a spammer, and your operator does not provide such a service. In this case, you can block the annoying number using the standard tools of the operating system of your device. In addition, there are third-party applications available in the app store that can handle this task. These applications usually have a database of fraudulent numbers and will alert you if an incoming call is potentially unsafe. In addition, these apps allow you to detect and block fraudulent calls, regardless of which carrier you have. The disadvantage of such applications is that they are often paid and require a subscription.

How to Block Scam Calls on Android

If your phone has the default dialler app from Google, it will alert you to potential spammers by default. If your Android device uses a different dialer app, do the following:

Open the dial app and tap the number you want to block.
Click on Details, then select Block number.
Block number” width=”338″ height=”600″ class=”aligncenter size-full wp-image-12730″ />

In addition, you can use a third-party app to filter out spam.

How to Block Scam Calls on iPhone

You can block any number on your iPhone using the built-in blocklist feature. To do this, do the following:

Open the Phone app and tap Recent and press the “i” icon next to the number you need to block.
Scroll down and tap Block this caller.

This straightforward process makes it easy to block unwanted calls directly from your call log, helping you manage your privacy and security on your device.

There is a more radical method that will solve the problem of unwanted calls. Your iPhone has a feature that allows you to silence all calls from unknown numbers. To do this:

Open Settings and scroll down to iPhone.
Tap Silence Unknown Callers.
Toggle it to on.

It’s important to understand that if you turn this on, all calls from numbers that aren’t in your contacts will be rejected automatically. Most people receive legitimate calls from unknown numbers from time to time, such as a meeting reminder or an important call from someone using a friend’s phone. We recommend using this method only in extreme cases, such as if you receive much spam. Otherwise, you might miss important calls.

How to Stop Scam Likely Calls

Protecting your cell phone number is the best way to prevent scam calls. You need to add your number to the National Call Barring Registry to do this. Unfortunately, this does not stop all calls, but it will filter out annoying telemarketing and other such garbage.

You also have to be careful when you’re sharing your number. Nowadays, almost every online ad, account, and other services will ask for your phone number. Plus, in some cases, companies can share your number with affiliates for marketing purposes. So think carefully before sharing your number with anyone online. Instead, you can sign up for a free Google Voice number and use it as an additional method of communication. The plus side of this method is that if you provide this number for all secondary services, you can always disconnect the number and not worry about incoming calls, even if they are spam.

The post Scam Likely Calls: How to block them? appeared first on Gridinsoft Blog.

ChatGPT Causes New Wave of Fleeceware

Stephanie Adlam — Tue, 23 May 2023 22:06:46 +0000

Artificial intelligence is one of the most significant advances in technology. It is used in one way or another everywhere, from voice input recognition on your smartphone to autopilot systems in cars. But the latest development in the industry – the launch of OpenAI’s ChatGPT, which has caused a stir even to the point that some influential people want to temporarily halt its growth. But, unfortunately, scammers and those who wish to profit from it haven’t been spared either. Moreover, they started creating fleeceware, which empties users’ wallets. We will talk about them now.

What is fleeceware?

Fleeceware apps have free versions that perform little or no function or are constantly deliberately bombarding users with ads of in-app purchase, that unlock the actual functionality. In this way, tricky developers force users to sign up for a subscription, which can be unnecessarily expensive. Here are the main signs of fleeceware:

The app’s functionality is free from other online sources or through the mobile OS.
The app forces the user to sign up for a short trial period. In the end, the user is charged periodically for the subscription.
The app floods the user with ads, making the free version unusable.

Usually, during installation, such apps request permission to track activities in other apps and websites and request to rate the app before even using it. In the process of abundant spamming with permission requests, such as for sending notifications, the app tries to get the user to sign up for a “free” trial version.

You can click “Ask App Not to Track”

The pseudo-developers are banking on the user, not paying attention to the cost or forgetting that they have this subscription. Since fleeceware is designed to be useless after the free trial period ends, users uninstall it from their devices. However, uninstalling the app does not cancel the subscription, and the user is charged monthly and sometimes weekly for a subscription they don’t even use.

“FleeceGPT”

Researchers recently published a report stating that one mobile app developer made $1 million per month simply by charging users $7 weekly for a ChatGPT subscription. If you’ve never dealt with the chatbot, this may seem like a regular phenomenon. However, the catch is that OpenAI provides this service to users for free. In addition, during a raid on the Google Play and Apple App Stores, experts found several other ChatGPT-related fleeceware apps.

“Genie AI Chatbot,” fleeceware app, was downloaded more than 2m per last month from the App Store. The first reason this app could be called fleeceware is that the popup asks to rate the app before it is fully launched and also asks to track actions in other apps and websites. While this app fulfills its stated function, it can only handle four requests per day without a subscription, which is extremely low. To remove this limitation, the user would have to subscribe, which would cost $7 per week, which is costly.

Measures against fleeceware

Unfortunately, there are a lot of such applications in the official stores, and store owners are in no hurry to remove them. The point is that the store receives a commission for each transaction in the app. For example, Apple gets 30% of each purchase in the application, so they are not interested in being left without earnings. However, both Apple and Google have rules for stores designed to combat earlier generations of fleeceware. These rules prevented app fraud since some apps were worth over $200 monthly. Under the new rules, developers must report subscription fees in advance and allow users to cancel this subscription before the payment is taken off.

However, savvy scammers are finding ways around these rules. According to research, the number of ChatGPT-related web domains increased by 910% from November to April, and URL filtering systems intercepted about 118 malicious web addresses daily. Since ChatGPT is not officially working in some countries, there is a high demand for this bypass solution. It costs as little as 8 cents to output 1,000 words through the OpenAI API, and a monthly subscription to the latest ChatGPT is $20. But scammers offer the functionality of the basic version of the chatbot for an average of $1 a day. However, even after Google and Apple received reports of the fleeceware, some apps were not removed.

Why aren’t the platforms removing some apps?

With more than 20 million iOS developers registered on the App Store and thousands of new apps released monthly, monitoring all this is a tremendous job, even for Apple. Moreover, some fleeceware apps are redesigned web apps. So, their functionality directly depends on a remote content platform. Such apps can pose a risk since, to add malicious functionality, the developer only needs to make some changes remotely without touching the local code. This is a common tactic to bypass protection in official app stores. The only effective way to avoid becoming a victim of such applications is to be vigilant when installing the application, read the description carefully, and see what information the application asks for.

How to cancel the subscription?

There are two types of purchases in online app stores. The first is a one-time purchase. In this case, you pay once and permanently get the application or functionality. The app is added to your library, and you can at any time download it or restore the purchase (if it is an in-app purchase), and no additional fees are involved. The second method consists of a subscription to the app or feature. This means you rent the app or individual components for a recurring payment. However, by the logic of this system, if you subscribe to the app and then delete it, the subscription is not canceled. Money will be charged even if the program is not present on your device.

To cancel your subscription on iOS, follow these steps:

1. Open the Settings app.
2. Tap your name.

3. Tap Subscriptions.
4. Go to Subscriptions.
5. Press Unsubscribe.

The subscription has already been canceled if there is no “Cancel” button or if you see an expiration message in red text.

To cancel your Android subscription, do the following:

1. Open your subscriptions in Google Play on your Android device.
2. Then select the subscription you want to cancel.
3. tap Unsubscribe.
4. Follow the instructions.

How to avoid fleeceware in future?

Since fleeceware does not harm your device, app stores are in no hurry to remove them. However, it hurts your wallet, so prevention is primarily for the user. The following tips will help you avoid these increasingly successful heist schemes.

Beware of free trial subscriptions. Most fleece apps lure users with free three-day trials. However, you will be charged for the subscription without warning once the trial period expires.
Scrutinize the terms of service carefully. Always read the information in the app profile carefully, including the terms and conditions and the in-app purchases section. This section usually lists all the paid features in the app, and the actual subscription cost is generally listed somewhere at the bottom of the page.
Read more reviews. Often fleeceware creators try to flood the reviews section of their apps with fake reviews. You should flip through a few pages or sort through the reviews, and if the five-star reviews at the top are followed by reviews with one star, it’s probably fleeceware.
Don’t be fooled by the ads. Scammers often promote their software through video ads, such as social media. However, sometimes these ads have nothing to do with promoted application.
Improve your payment hygiene. Never use your primary card as a method of paying for subscriptions. Instead, create a separate or virtual card to keep as much money as your existing subscriptions need.
Set a minimum online payment limit on your primary cards or disable it altogether. Also, set up an additional password or biometric verification when you pay. This will prevent unwanted subscription fees from going unnoticed.

The post ChatGPT Causes New Wave of Fleeceware appeared first on Gridinsoft Blog.

Was Your Apple ID Hacked? Here’s How To Secure Your Account

Stephanie Adlam — Fri, 13 Jan 2023 17:07:42 +0000

Apple’s services and products are only accessible through their walled garden. Users can only access the company’s products and services with an Apple ID. If someone figures out your Apple ID credentials, there’s a lot of personal data at risk. Anyone with access to the account can read all emails, regardless of whether they are sent through the account. In addition, they can view calendar entries, contact information, photos, videos, and even files stored in the iCloud drive. If Find my iPhone is enabled, an intruder can access the GPS location of a user’s phone and their notes. But how can this happen? And what can I do about such a mess? Let’s get into it together.

How do Hackers Get Your Apple ID?

Today’s digital world is rife with threats, and you can never be sure of your online safety. Hackers are developing new methods of accessing other people’s phones, this can be difficult to detect. Note that another method of hacking into your device is phishing.

It is not clear to everybody how the app for iPhone may contain spyware. To spread it, hackers use developer’s account tricks, disguising the spyware application as a game or program that is not in the app. The standard disguise is the hack of a paid game/program or some “unique” utility. Users find the ad for such an app somewhere online, follow the instructions, and install the third-party app not controlled by AppStore administration. Of course, not all programs installed in such a way are malicious, but it’s always risky.

Warning from Apple that your device has been compromised

In the case of phishing, the attacker tries to get our iCloud access data. To do that, they’ll send you fake e-mails on behalf of important companies. Attackers will also ask you to fill out forms and send them your confidential data, such as insurance numbers, passwords, and usernames. Additionally, phishing provides the distribution of external links through which to distribute malicious applications.

8 Warning Signs of Apple ID Compromising

As soon as hackers enter your device, you can replace their penetration. To do this, pay attention to such signs:

Your Apple ID password is not working.
Your device is locked or placed into “Lost Mode” while you did not lose it.
You observe files, apps, photos, or messages that you don’t recognize stored in iCloud or anywhere on your device.
You receive an Apple email stating that someone accessed your account from a new device.
You have informed that your account’s email, phone number, or password was changed.
You may receive receipts or documentation of unusual charges from the App Store or iTunes store.
Your account information needs to be corrected. For example, a new name or address is used.
You have informed that your account’s email or phone number altered.
You have notified that your password changed.
You may receive receipts or documentation of unusual charges from the App Store or iTunes store.
Your account information needs a few corrects. For example, usage of new name or address.

What To Do If Your Apple Account Is Hacked

Your iPhone can affect more problems than you can imagine. Be vigilant and avoid unnecessary clicks, be it updates or websites. If you all have noticed some strange activity on your device, do the following steps to counteract.

Log in to your Apple ID account page (appleid.apple.com). If you have trouble performing this or receive a notification that the account is disabled or locked, try resetting the account from your iPhone or any other Apple device, you’ve previously logged in on. To accomplish this, go to Settings, click on your profile on top, then go to Password & Security > Change Password. Here, follow the instructions to reset your password. You can also sign in to your Apple ID account from a new device by selecting “Forgot Apple ID or password?”.

Next, change your Apple ID password, and choose a new, strong password. It could be more secure if your Password only contains letters, digits, and symbols. Consider using a password manager if you need more creativity to develop a password.

Additionally, you should review all of your personal information. Check your name, primary Apple ID email, backup emails, and phone number. It’s necessary to ensure none of this was altered by the intruder. Otherwise, you will no longer be able to log in to your Apple ID and may lose all important files on your device.
The most important security measure is to implement 2FA for your Apple ID. Two-factor authentication adds a layer of security that prevents access to your account even if your Password compromised. You’ll have to verify a second login credential with a PIN that you’ll receive via your mobile device or biometric identification. iPhones have a built-in 2FA authenticator. This can be increased in security by using the 2FA authenticator tool or a third-party 2FA app.

The post Was Your Apple ID Hacked? Here’s How To Secure Your Account appeared first on Gridinsoft Blog.

Calendar Virus Removal on iPhones & Mac

Stephanie Adlam — Tue, 08 Nov 2022 20:13:57 +0000

Calendar virus may not sound familiar to most users. What’s likely happening is that a calendar is spamming you with appointments; it’s just mistakenly appeared in your calendar. Whenever you receive a notification from one of these appointments, you must refrain from clicking any links within the message. Doing so could infect your device with malicious software that steals your personal information. Please continue reading to learn why you received this notification in your calendar and how to fix it.

What is a calendar virus?

App calendar malware, also called Calendar Virus for iOS or iPhone calendar virus, is a kind of spam targeted on Apple devices, that adds fake subscribed calendar accounts to a user’s device without their consent. Affected devices could be iPads, Mac computers, Watches or iPhones. As a result of the spam, users receive notifications for “events” containing malicious links. Its effects are similar to what adware brings to the system it runs in. The terms “iPhone calendar spam” and “iOS calendar spam” refer to this Apple OS activity. This type of notification may contain disturbing headers to force you to follow the link. Here are examples of similar messages:

Virus on iPhone? Clean up now!

Ensure your online protection, click now!

Your phone is not protected! Click to protect

Keep your iPhone safe from malicious attacks!

Your iPhone is infected with a virus! delete it now

Some messages will arouse the user’s curiosity and sense of urgency. Usually, after a user follows something like this and clicks a link, it launches malicious sites or questionable software on his device. Alternatively, it can redirect the victim to phishing pages.

Where does the iPhone Calendar Virus come from?

After all the above characteristics, you probably wonder where fake invitations appear on the calendar. Like most other malware and viruses, calendar viruses are often spread through the same malicious sites as they advertise, or social engineering. So, how to get rid of the calendar virus? Here are some typical ways of being infected by that nasty thing:

1. Attackers have got hold of your email address.

If the attacker has your email address, it means that in the future, you will be a target of email spam. This happens after you enter your email address on unfamiliar websites to confirm something or to buy a product. Usually, such shady sites can sell your information to make money – and they don’t care about customers’ comfort. In rare cases, emails leak when companies suffer from data leaks.

Example of a phishing email from attacker

2. You inadvertently clicked on a malicious link.

Some scam websites might use fake captcha puzzles to bypass site warnings and trick you into downloading malware. Alternatively, they can use disguised calendars as captchas to trick you into subscribing to them. If you’re in a hurry, clicking OK might be easier than selecting any other option.

3. Receiving a spam link by text message

After clicking on a spam text that directs you to “track a package”, you subscribe to a calendar full of appointments, like “critical threats” and similar warnings. One of these spam messages might request tracking information and provide a link for accessing the Calendar.

How to clear calendar virus iPhone

Apple products are linked within the ecosystem. Once you get spam on your iPhone calendar, it will also show up on your other Apple devices. The tips below should help you get rid of calendar spam on your iPhone, iPad, Mac, and anywhere else. But how to remove the iPhone calendar virus from all devices simultaneously?

For Newer iPhones:

Go to Settings→Calendar→Accounts
Find an account you don’t recognize and delete it. Calendar virus account name may be something like "Calendar Events", "Events Calendar", "Calendar Events Viewer", or similar.
Delete all calendar accounts you don’t know.
After removing, your event should be normalized.

For Older iPhones:

Go to the Calendar app.
Press Calendar at the bottom of the screen
Find a calendar you need. Click the More info button next to it, then scroll down and click Delete Calendar.

Cleaning Calendar Virus From your Mac:

Run Calendar (or iCal)
Press Calendar in the menu bar and select Settings
At the General tab, from the Default Calendar menu, select only the Calendar you want to use. Click “Save”.
Make sure that calendars you do not want to recognize or use are not selected or saved. This will delete them.

Cleaning Calendar Virus from iCloud.com:

Go to Calendar> Click the gear icon > Settings
From the default menu, select only the Calendar you want to use. Opt for "Save"
Make sure calendars you don’t know or don’t want to use are not selected or saved

How to stop iPhone calendar spam?

Successful counteraction requires proactive action and increased preparedness for the virus to be caught at any time you visit third-party sites. Therefore, below is a guide to reducing the risk of hacking your account.

1. Block pop-ups in Safari

You can enable warnings for fraudulent websites on your iPhone or iPad by going to Settings > Safari, then navigating to the Websites tab. On a Mac, you can access this functionality by navigating to Safari > Preferences. Inside the Preferences section, find the Security tab and toggle Fraudulent Websites Warnings. Keep in mind the security of your Safari web browser pages, this is important.

2. Be careful where you click.

Do not interact with fake calendar notifications; instead, delete them. Also, be wary of links and attachments in messages that indicate text or email with unknown content. And when encountering captchas, avoid tapping or clicking on them. For example, when responding to an appointment, it’s imperative not to click on any links or active sections of the message. Instead, respond by swiping from right to left and selecting Delete. Your iPhone may prompt you to Report Junk; if this happens, report the message by tapping Report Junk and then pressing Confirm.

3. Review and change your calendar settings

One of the best ways to reduce calendar spam is to block notifications. However, it’s also a good idea to make sure none of your devices are set to accept calendar invitations automatically. While this setting is convenient for busy people, it can be used as a loophole to inject unwanted spam into the Calendar. To change your calendar preferences:

Sign in to your iCloud account and select Calendar
Click the gear icon in the bottom left corner of the app screen and select Settings.
Press at the Advanced tab.
In the "Invitation" subsection, click the radio button next to the "Send an email to [your email address]" option to make this your default instead of "In-App Notifications."

The post Calendar Virus Removal on iPhones & Mac appeared first on Gridinsoft Blog.

Spy method NoReboot allows simulating iPhone shutdown and prying through the camera

Vladimir Krasnogolovy — Mon, 10 Jan 2022 19:03:35 +0000

The NoReboot spy method allows intercepting the iPhone restart and shutdown process and prevent them from ever happening.

ZecOps has developed a new method to simulate restarting or shutting down the iPhone and thereby prevent the removal of malware from it, with which hackers can secretly track the victim through the microphone and phone camera.

As a rule, in order to remove malware from an iOS device, simply restart it. The method developed by ZecOps specialists allows to intercept the process of reboots and shutdowns and make it so that they never happen. This way the malware gains persistence on the system as it never actually shuts down.

Since no vulnerabilities need to be exploited to carry out the NoReboot attack, Apple is unable to release a hotfix.ZecOps experts say.

To restart iPhone, user needs to press and hold the power button or volume control until a slider appears with the option to restart. Then he should wait 30 seconds for the process to complete.

When the iPhone is turned off, the screen goes blank, the camera turns off, the long press does not respond, the ringtone and notification sounds fade and there is no vibration. ZecOps has developed a PoC Trojan capable of injecting special code into three iOS daemons to simulate shutdown by disabling all of these indicators.

The Trojan interrupts the shutdown event by intercepting the signal from the SpringBoard application that is responsible for interacting with the user interface. Instead of the expected signal, the Trojan sends a code that forcibly terminates SpingBoard, causing the device to stop responding to user actions. It looks like the iPhone is turned off.

The BackBoardd daemon, which logs physical button presses and timestamped screen touches, is then instructed to display a spinning wheel to indicate that the device is turned off. The user thinks that the iPhone has turned off, releases the button ahead of time, and the actual shutdown process never starts.

The video below shows the NoReboot attack in action. Judging by the video, with its help you can very easily convince the victim that her phone is turned off.

You might also be interested to know that Cybersecurity expert created an exploit to hack iPhone via Wi-Fi, and that Vulnerabilities allowed access to cameras on Mac, iPhone and iPad.

The post Spy method NoReboot allows simulating iPhone shutdown and prying through the camera appeared first on Gridinsoft Blog.

Vulnerability in Apple iCloud puts billion users at risk

Vladimir Krasnogolovy — Tue, 07 Dec 2021 22:12:50 +0000

Security of over a billion iPhone owners and users of popular instant messengers is at risk due to a vulnerability in Apple iCloud.

As the Forbes reports, private messages sent via iMessage and WhatsApp on iPhone are not secure when using factory settings.

While encrypted apps like iMessage and WhatsApp keep messages on the device completely safe, a vulnerability in Apple’s iCloud backup system puts them at risk, and unauthorized people can access messages. This is possible as Apple stores message encryption keys in iCloud backups, which undermines the main security features that protect iMessage.

Apple states in its security policies: “End-to-end encryption protects iMessage conversations on all your devices, so Apple cannot read your messages as they are transfered between devices.”
This means that while messages are completely secured in transit between phones, they don’t have to be secured on the device or in the cloud.

iMessage is secured by end-to-end encryption, the idea being that the keys to decrypt messages between you and those you message are only shared between you. That stops anyone intercepting your content. But in a bizarre twist, Apple stores a copy of those encryption keys in that iCloud backup, which it can access. That means the end-to-end encryption is actually fairly pointless.information security specialist and Forbes columnist Zak Doffman writes.

Apple has come under a lot of pressure recently after an internal FBI document was released proving that the bureau regularly accesses messages on nine secure messengers, including iMessage and WhatsApp.

If the target is using an iPhone and iCloud backup is enabled, the data returned by iCloud may contain WhatsApp data to include the content of the message.the FBI document says.

To keep their messages safe, users can turn off iCloud backups.

Apple also urgently needs to change its approach to iCloud to stop storing encryption keys and avoid backing up encrypted data.

The post Vulnerability in Apple iCloud puts billion users at risk appeared first on Gridinsoft Blog.

Experts showed fraudulent payments from a locked iPhone with Apple Pay and a Visa card

Vladimir Krasnogolovy — Thu, 30 Sep 2021 19:44:35 +0000

Scientists talked about how to make fraudulent payments using Apple Pay with a Visa card on a locked iPhone. This scam works over the air, even if the iPhone is in your bag or pocket, and has no limit on the number of transactions. A report on this issue [PDF] will be presented at the IEEE 2022 Symposium.

Their research was published by the University of Birmingham and the University of Surrey, who found that the iPhone can confirm almost any transaction under certain conditions. Typically, for the payment to go through, the iPhone user needs to unlock the device using Face ID, Touch ID, or a passcode. However, in some cases this is inconvenient, for example, when paying for public transport fares. For such cases, Apple Pay provides Express Transit, which allows making transactions without unlocking the device.

Express Transit, for example, works with transport turnstiles and card readers that send a non-standard byte sequence bypassing the Apple Pay lock screen. The researchers say that in combination with a Visa card, “this feature can be used to bypass the Apple Pay lock screen and make illegal payments from a locked iPhone, using any EMV reader, for any amount and without user authorization.”

For example, experts were able to simulate a transaction at the turnstile using a Proxmark device that acts as a card reader, which communicated with the target iPhone, as well as an Android smartphone with NFC, which communicated with the payment terminal.

In essence, this method is a replay and relay MitM attack in which Proxmark plays back iPhone magic bytes to trick the device into believing it is a transaction at the turnstile, so no user authentication is required to authorize the payment.

The attack works by first replaying the ‘magic bytes’ for the iPhone in a way that it believes is a transaction with an EMV reader in the transport. Then, when relaying EMV messages, it is necessary to change the Terminal Transaction Qualifiers (TTQ) transmitted by the EMV terminal in such a way as to set the bits (flags) for Offline Data Authentication (ODA) for Online Authorizations and the corresponding supported EMV mode.the authors of the report say.

Digging deeper into the problem, the researchers found they could change the Card Transaction Qualifiers (CTQ), which are responsible for setting limits for contactless transactions. Thus, it was possible to trick the card reader so that the authentication on the mobile device was successfully completed.

As a result of the experiments, the researchers were able to make a transaction of £1000 from a locked iPhone, and successfully tested such an attack on the iPhone 7 and iPhone 12.

At the same time, it is noted that the tests were successful only with iPhone and Visa cards (in the case of Mastercard, a check is performed to make sure that the locked iPhone carries out transactions only with card readers, for example, in transport). By examining Samsung Pay, the researchers concluded that transactions with locked Samsung devices are possible, but the value is always zero, and transportation providers charge tolls based on the data associated with these transactions.

Experts say that they submitted their findings to Apple and Visa engineers in October 2020 and May 2021, but the company still has not fixed the problem.

Our discussions with Apple and Visa have shown that both parties are partially to blame, but neither of them is willing to take responsibility and implement a fix, leaving users vulnerable indefinitely.the study authors say.

Visa officials told Bleeping Computer the following:

Visa cards connected to Apple Pay Express Transit are secure and cardholders can continue to use them with confidence. Variants of contactless fraud schemes have been studied in laboratory conditions for more than ten years, but have been found unsuitable for large-scale implementation in the real world.

Let me remind you that I reported that Scientists have developed an attack that allows not to enter a PIN code while paying with Visa cards.

The post Experts showed fraudulent payments from a locked iPhone with Apple Pay and a Visa card appeared first on Gridinsoft Blog.

Cybersecurity expert created an exploit to hack iPhone via Wi-Fi

Vladimir Krasnogolovy — Thu, 03 Dec 2020 21:43:34 +0000

Google Project Zero expert Ian Beer has demonstrated an exploit to hack iPhone and other iOS devices remotely and without user interaction.

The underlying critical vulnerability CVE-2020-3843, discovered by the researcher, made it possible to remotely steal sensitive data from any device in the Wi-Fi hotspot without any user’s interaction.

The exploit, which Bier worked on alone for six months, allows “to view all photos, read all e-mail, copy all private messages and track everything that happens [on the device] in real time.”

Since Apple engineers fixed the problem back in the spring of this year (within the framework of iOS 13.3.1, macOS Catalina 10.15.3 and watchOS 5.3.7), and the researcher has now disclosed details of the problem and even demonstrated an attack in action.

The root of the problem was a ‘rather trivial buffer overflow error’ in the Wi-Fi driver related to Apple’s Wireless Direct Link (AWDL), a proprietary network protocol developed by Apple for use with AirDrop, AirPlay, and so on. which was intended to simplify the exchange of data between Apple devices.says Ian Beer.

The video below shows how, using an iPhone 11 Pro, Raspberry Pi, and two Wi-Fi adapters, the researcher were capable of remotely reading and writing of random kernel memory. Beer used all of this to inject shellcode into kernel memory through exploiting the victim process, escaping the sandbox, and retrieving user data.

Essentially, a potential attacker needed to attack the AirDrop BTLE infrastructure in order to enable the AWDL interface. This was done through brute-force hash values of the contact (after all, usually users provide AirDrop with access only to their contacts), and then an AWDL buffer overflow.

As a result, it was possible to gain access to the device and run malware with root privileges, which gave the attacker complete control over the user’s personal data, including email, photos, messages, iCloud data, as well as passwords and cryptographic keys from the Keychain, and much more.

Even worse, such an exploit could have the potential of a worm, that is, it could spread from one device to another “by air” and again without user intervention.

Beer notes that this vulnerability was not exploited by cybercriminals, but the hacking community and “exploit vendors seem to be interested in the released fixes.”

I also wrote that Researcher remotely hacked iPhone using only one vulnerability.

And always remember that US authorities can hack the iPhone, but may have difficulties with Android.

The post Cybersecurity expert created an exploit to hack iPhone via Wi-Fi appeared first on Gridinsoft Blog.

Kr00k problem threatens devices with Qualcomm and MediaTek Wi-Fi chips

Vladimir Krasnogolovy — Mon, 10 Aug 2020 16:48:17 +0000

In early 2020, ESET experts spoke about the Kr00k vulnerability (CVE-2019-15126), which can be used to intercept and decrypt Wi-Fi (WPA2) traffic. Then it was reported that any devices using the solutions of Cypress Semiconductor and Broadcom, from laptops and smartphones to routers and IoT devices, are susceptible to this problem. Now there is information that the Kr00k problem threatens devices with Qualcomm and MediaTek Wi-Fi chips.

So, in March, ESET experts wrote that they tested and confirmed the problem for iPhone, iPad, Mac, Amazon Echo and Kindle, Google Nexus, Samsung Galaxy, Xiaomi Redmi, Raspberry Pi 3, as well as for Wi-Fi routers from Asus and Huawei. In total, the Kr00k vulnerability was thought to threaten about a billion different gadgets.

“The Kr00k problem is associated with encryption, which is used to protect data packets transmitted over Wi-Fi. Typically, such packets are encrypted with a unique key, which depends on the Wi-Fi password, which established the user. However, for vulnerable chips, this key is reset to zero in case of the disassociation process, for example a temporary shutdown, which usually occurs due to a bad signal”, – told ESET researchers.

Thus, attackers can provoke the transition of the device into a long dissociation state and receive Wi-Fi packets intended for it. Then, by exploiting the Kr00k bug, attackers can decrypt Wi-Fi traffic using a “zero” key.

Following the release of ESET’s February report, Broadcom and Cypress engineers have released fixes for their products.

However, ESET experts have now warned that the chips from Qualcomm and MediaTek are vulnerable to similar flaws.

In the case of Qualcomm, the vulnerability received the identifier CVE-2020-3702, and using this bug, an attacker (after dissociation) can get access to confidential data.

“The difference with the attack described above is that the data captured in this case is not encrypted at all, while exploiting the original Kr00k problem at least requires the use of a “zero” key”, – said the experts.

Researchers tested this vulnerability using the D-Link DCH-G020 Smart Home Hub and Turris Omnia wireless router as examples. However, any other devices that use vulnerable Qualcomm chips, can be also affected by the new issue.

Qualcomm released a patch for its proprietary driver in July 2020, but the situation is complicated by the fact that some vulnerable devices are using open source Linux drivers, and it is unclear if the problem will be fixed there. Qualcomm said they have already provided OEMs with all the necessary instructions, and users can only wait for the release of patches from specific manufacturers.

In addition, ESET experts found that MediaTek chips, which are widely used in Asus routers, as well as in the Microsoft Azure Sphere development kit, also do not use encryption at all.

“Azure Sphere uses the MediaTek MT3620 microcontroller and targets a wide variety of IoT applications, including smart homes, commercial, industrial and many other sectors”, — write the researchers.

MediaTek released fixes for this issue in March and April, and Azure Sphere received patches in July 2020.

Amid release of a number of exploits for the original Kr00k vulnerability, the researchers have published a special script that will help to find out if the device is vulnerable to the original Kr00k or new variations of this attack.

The post Kr00k problem threatens devices with Qualcomm and MediaTek Wi-Fi chips appeared first on Gridinsoft Blog.