{"id":7138,"date":"2017-03-28T12:30:23","date_gmt":"2017-03-28T20:30:23","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/28\/news-929\/"},"modified":"2017-03-28T12:30:23","modified_gmt":"2017-03-28T20:30:23","slug":"news-929","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/03\/28\/news-929\/","title":{"rendered":"Scammers scare iPhone users into paying to unlock not-really-locked Safari"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2016\/10\/iphone-security-stock-100687240-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Gregg Keizer| Date: Tue, 28 Mar 2017 13:28:00 -0700<\/strong><\/p>\n<p>Apple yesterday patched a bug in the iOS version of Safari that had been used by criminals to spook users into paying $125 or more because they assumed the browser was broken.<\/p>\n<p>The flaw, fixed in Monday&#8217;s iOS 10.3 update, had been reported to Apple a month ago by researchers at San Francisco-based mobile security firm Lookout.<\/p>\n<p>&#8220;One of our users alerted us to this campaign, and said he had lost control of Safari on his iPhone,&#8221; Andrew Blaich, a Lookout security researcher, said in a Tuesday interview. &#8220;He said, &#8216;I can&#8217;t use my browser anymore.'&#8221;<\/p>\n<p>The criminal campaign, Blaich and two colleagues reported in a <a href=\"https:\/\/blog.lookout.com\/blog\/2017\/03\/27\/mobile-safari-scareware\/\" target=\"_blank\">Monday post to Lookout&#8217;s blog<\/a>, exploited a bug in how Safari displayed JavaScript pop-ups. When the browser reached a malicious site implanted with the attack code, the browser went into an endless loop of dialogs that refused to close no matter who many times &#8220;OK&#8221; was tapped. The result: Safari was unusable.<\/p>\n<p>At the same time, the attack showed a message, purportedly from a law enforcement agency, demanding payment to unlock the browser for, in one instance at least, simply steering to a URL that suggested the site&#8217;s content was pornographic. Payment was to be made by texting a \u00a3100 ($125) iTunes gift card code to a designated number.<\/p>\n<p>Blaich stressed that the attack was as much scam as scare: To regain control of Safari, all one had to do was head to Settings, tap Safari, then Clear History and Website Data.<\/p>\n<p>&#8220;This was a scareware attack, where [the attackers] were trying to get people to not think and just pay,&#8221; said Blaich.<\/p>\n<p><i>Scareware<\/i> is a label applied to <a href=\"http:\/\/www.computerworld.com\/article\/2508559\/security0\/everything-you-need-to-know-about-mac-scareware.html\">phony security software<\/a> that claims a computer is heavily infected with malware. Such software nags users with pervasive pop-ups and fake alerts until they fork over the &#8220;registration&#8221; fee, sometimes in the hundreds of dollars.<\/p>\n<p><i>Ransomware<\/i> has largely replaced scareware as the go-to shakedown; the former compromises a computer, encrypts some or all the contents of the local storage, then promises to hand over an encryption key in return for a large payment.<\/p>\n<p>What Lookout found was definitely <i>not<\/i> a ransomware attack against iOS. &#8220;The device was never compromised nor was its data exposed to the hackers,&#8221; Blaich said. &#8220;You would have to compromise the device and encrypt the data [to conduct a ransomware attack]. The app sandbox prevented this from happening.&#8221;<\/p>\n<p>In iOS 10.3, Apple re-engineered Safari so that it handles JavaScript pop-ups on a per-tab basis. iOS 10.3 also patched 84 security vulnerabilities.<\/p>\n<p>&#8220;[The hackers] hoped you would just react, want to cover it up, then pay and move on,&#8221; Blaich said.<\/p>\n<p>Scammers hobbled Safari with an endless loop of pop-ups, then tried to scare iPhone users into paying $125.<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3185401\/apple-ios\/scammers-scare-iphone-users-into-paying-to-unlock-not-really-locked-safari.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2016\/10\/iphone-security-stock-100687240-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Gregg Keizer| Date: Tue, 28 Mar 2017 13:28:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Apple yesterday patched a bug in the iOS version of Safari that had been used by criminals to spook users into paying $125 or more because they assumed the browser was broken.<\/p>\n<p>The flaw, fixed in Monday&#8217;s iOS 10.3 update, had been reported to Apple a month ago by researchers at San Francisco-based mobile security firm Lookout.<\/p>\n<p>&#8220;One of our users alerted us to this campaign, and said he had lost control of Safari on his iPhone,&#8221; Andrew Blaich, a Lookout security researcher, said in a Tuesday interview. &#8220;He said, &#8216;I can&#8217;t use my browser anymore.'&#8221;<\/p>\n<p>The criminal campaign, Blaich and two colleagues reported in a <a href=\"https:\/\/blog.lookout.com\/blog\/2017\/03\/27\/mobile-safari-scareware\/\" target=\"_blank\">Monday post to Lookout&#8217;s blog<\/a>, exploited a bug in how Safari displayed JavaScript pop-ups. When the browser reached a malicious site implanted with the attack code, the browser went into an endless loop of dialogs that refused to close no matter who many times &#8220;OK&#8221; was tapped. The result: Safari was unusable.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3185401\/apple-ios\/scammers-scare-iphone-users-into-paying-to-unlock-not-really-locked-safari.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11077,11072,714],"class_list":["post-7138","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple-ios","tag-cybercrime-hacking","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7138","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7138"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7138\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7138"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7138"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7138"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}