This October, it will have been 15 years since the first iPod hit shelves. Who could have predicted the little brick with the clicking spin wheel would launch a technological revolution that changed not only the way we communicate and access information, but also the way we interface with our lives?
Apple’s subsequent ascent from obscurity to ubiquity was meteoric. And while the iPod has since gone the way of the dodo, its successor, the iPhone, continues to be the golden goose of the mobile world.
The culture (emphasis on “cult”) that developed around Apple products didn’t come naturally. In a market overwhelmingly dominated by Microsoft, Mac needed to give itself an edge beyond sleek design and UX for the creative class. It needed something pragmatic, like a reputation for consumer safety and security.
Reinforced by strategic copy on their website, marketing initiatives and media partnerships, there has long been a rumour that Apple products simply do not get viruses. This is not true. While Macs traditionally have been less likely to get viruses, it’s more an issue of market share: PCs significantly outnumber Macs and have made more sense to target. Fortunately for Apple, this (false) sense of security extended to iPhone users.
Both PC and Mac users perceive Apple products as safer, and that perception extends to iPhone and Android users alike. It is consistently perpetuated by tech journalists. For instance, Rick Broida of CNET just last week stated, “There’s one key difference between Android and iOS: security. Apple routinely takes heat for its stringent app-approval process, but when was the last time you heard about a rogue app wreaking havoc on iOS? Android, meanwhile, occasionally suffers malware incursions, most recently in the form of fake Pokemon Go apps.”
Here’s the uncomfortable truth about your iPhone: an Apple a day will not keep the hackers away. (In fact, iPhones can now be infected with malware right out of the box.) It’s only logical that as iPhones take a larger share of the mobile market, they would become bigger targets. While iPhones are still less likely to have malware than Androids, their owners have increasingly become the victims of phishing attacks.
Phishing has become the latest frontier in the battle for mobile cybersecurity. Hackers employ some rather prodigious graphic design and copy to lure you (and your personal and financial data) through social media, instant messages, SMS texts and emails to malicious sites where you’ll either be asked to log in or unintentionally download malware. Phishing has existed for some time, but it is increasingly rearing its ugly head among iOS users.
The “bait” in the most recent iPhone phishing scandal was hidden behind the Find My iPhone app. As documented by near-victim Joonas Kiminki, thieves are targeting people when they’re at their most vulnerable: immediately after having lost their iPhone. The poor souls would report it missing on Find My iPhone and request alerts once it was back online. An email would miraculously arrive soon after, much to the delight of the owner. All they needed to do was click a link and log in to their iCloud account to uncover the location of their iPhone. Despite an Apple-esque veneer, the URL didn’t redirect to Apple Inc. Instead, it went to “show-iphone-location.com”. Red flag.
Turns out these thieves are now adding insult to injury. After having stolen people’s iPhones, they’re now trying to lure them in with a phishing scheme. Access to one’s iCloud account would allow crooks to access the account, change the password and erase the iPhone before reselling it. It also lets them purchase whatever they want on iTunes, the App Store and potentially the Apple Store. Yikes.
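The red flag in the Find My iPhone email above is the host the link actually points to, and that can be checked mechanically. The Python below is an added example, not code from the original article or from Apple; the trusted-domain list and the sample email are assumptions constructed for illustration, and only show-iphone-location.com comes from the incident described.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only domains accepted for an Apple sign-in.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def classify_link(url):
    """Return "trusted" or a "suspicious: ..." reason for one link."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and the port, so a link such as
        # https://www.icloud.com@show-iphone-location.com/ resolves to the
        # host the browser would really contact.
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious: unparseable URL"
    if parts.scheme != "https":
        return "suspicious: not https"
    if not host:
        return "suspicious: no host"
    # Match the whole domain or a true subdomain; a plain substring test
    # would accept icloud.com.show-iphone-location.com.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    return "suspicious: " + host + " is not an Apple domain"

def review_email(body):
    """Classify every http(s) link found in an email body."""
    links = [u.rstrip(".,;)") for u in URL_RE.findall(body)]
    return [(u, classify_link(u)) for u in links]

# Constructed sample message; only show-iphone-location.com is from the article.
SAMPLE_EMAIL = """Your lost iPhone has been found. Sign in to view its location:
https://show-iphone-location.com/login
https://www.icloud.com@show-iphone-location.com/find
https://icloud.com.show-iphone-location.com/find
Genuine portal for comparison: https://www.icloud.com/find
"""

if __name__ == "__main__":
    for url, verdict in review_email(SAMPLE_EMAIL):
        print(verdict.ljust(58), url)
```

Only the last link in the sample is classified as trusted; the other three all resolve to show-iphone-location.com or a subdomain of it, however much of the URL looks like iCloud.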
This is the second major phishing scandal for iPhone users this year and, at this rate, such scandals are only going to increase in frequency. Despite doubtless protestations from Apple’s PR team, it is the responsibility of the cybersecurity community to work with media and the public to dispel the iOS myth of iron-clad impenetrability.
Phishing may not be downloadable like malware, and thus is not as easy to protect against with traditional antivirus software. But by shaking Apple owners out of their false sense of security and invulnerability, we can encourage them to be more vigilant and critical of the messages they receive.
It’s like the old saying goes: “Teach a man about phishing, and he’ll never get hacked again.” Or something like that.