ESET explains the security mechanisms that keep the iPhone safe
This article is a re-edited version of "Is the virus warning real? What is the meaning of the warning display issued by the iPhone?"
Because of its mechanisms and specifications, the iPhone is said to be relatively robust. However, "fake alerts", which turn that reputation for safety against users, are a nuisance. In this article, we introduce the warnings that the iPhone itself issues and explain what fake warnings mean.
Security mechanisms that keep the iPhone safe
Compared with Android smartphones, the iPhone is generally perceived by the public as having robust security. Backing up that image, the iPhone implements strict security measures. The following are three security measures implemented by the iPhone.
・ iOS "Sandbox"
The iPhone uses a "sandbox" mechanism for the environment in which apps run. The word literally means a sandbox in a park, but it is easier to picture an area enclosed by something like a wall of netting. Because an app runs inside the sandbox, nothing outside the sandbox is affected even if something dangerous happens. In short, an app executed in an isolated environment inside the iPhone does not affect other apps or the OS itself. As a result, an app cannot behave like a Trojan or a worm, for example by communicating with other apps or replicating itself.
・ Review at the official app store, the "App Store"
To distribute an app for installation on the iPhone, the app must pass review at the App Store. The review helps ensure safety by checking for items such as unauthorized acquisition of user data and the addition of inappropriate metadata aimed at search optimization in the App Store. Checks for bugs, use of private APIs, and so on are also performed.
・ Downloads restricted to the "App Store"
Basically, the apps that can be installed on the iPhone are limited to those downloaded from the App Store. Everything distributed in the App Store has passed the review described above, so a certain level of safety is ensured. Also, since iOS 14.5, privacy requirements have become stricter and the level of security has improved.
For example, user tracking previously relied on third-party cookies, but an app must now obtain the user's permission through the App Tracking Transparency framework before it can track the user's behavior or access the device's advertising identifier.
In addition, it is difficult for users to notice that an app installed in the past has been behaving suspiciously. On iOS 14.5 or later, even where the user granted permission in the past, an alert is shown to the user if a risk is assumed, which makes the device safer. However, it is important to note that this security is guaranteed only when the iPhone is used in its "normal" state, that is, when it has not been "jailbroken".
What security warnings does the iPhone display?
The following are cases in which the iPhone issues a security alert because the user is exposed to a high security risk.
・ "Fraudulent website warning"
This warning is issued when you access a website suspected of fraudulently obtaining personal information, including credit card numbers. For example, a notification claiming to be from a courier service arrives via SMS, and tapping the link in the notification triggers this warning. Because the warning is displayed when you access a website suspected of phishing, you should refrain from accessing the site if it appears.
・ "Keychain recommendation"
Keychain is a password management function that uses iCloud. It is convenient and has many users. When you enter a password using Keychain, it may prompt you to change the password. In that case, text such as "This password has been detected in a data leak" is displayed in the change notification.
If this warning is issued, the password has likely leaked, so change the affected password promptly. Also, if you reuse that password, don't forget to change it on the other websites and services as well.
・ "Weak security"
This warning is issued when you connect to Wi-Fi that uses an older encryption standard such as WEP or WPA2. Connecting does not necessarily lead to harm, but the risk is higher than with the latest WPA3. With WEP in particular, the encryption key can be cracked in less than a few minutes with today's processing power. If you use such a network as your home Wi-Fi, it is recommended that you replace the router with one that supports a newer standard immediately. Most recently released routers that support the Wi-Fi 6 standard are also compatible with WPA3.
In addition, avoiding public Wi-Fi as much as possible, and connecting to the Internet through a VPN when you do use it, enhances safety.
・ "Do you trust this computer?"
When you back up the contents of the iPhone to a computer, this message is displayed on the first connection. Selecting "Yes" allows the computer to access the data on your iPhone. Therefore, do not grant this to a PC you do not trust. Although it was fixed in an OS update in November 2020, a vulnerability was discovered in iOS in the past that abused this trust relationship and could allow malicious content to be downloaded.
In addition to those introduced so far, the iPhone issues various other alerts. Rather than dismissing them as a nuisance, check the content of each alert every time.
Fake security warnings: "fake alerts"
As we have seen so far, iPhone security measures have been strengthened. As a result, many users use the device in the belief that security risks do not arise. Be careful of fake alerts, an attack method that turns this mindset against the user. A fake alert is simply a "fake warning message". It mostly appears while browsing a website in a browser and, as shown in Fig. 1, frightens users into believing they are infected with a virus even though they are not.
Figure 1: Example of fake alerts emitted during browsing in Safari
Even more malicious, once this page is displayed, simply tapping the browser's "Back" button does not return you to the original page. The mechanism is website redirection: by preparing multiple redirects, the attacker ensures that the redirect keeps happening no matter how many times the user taps "Back".
The attacker is counting on users who have been unable to return to the original page for a long time to tap the "Repair now" button displayed on the screen in search of a way out. In fact, tapping "Repair now" leads to a page that sells a suspicious repair app. Needless to say, buying this app is pointless because the device is not infected with malware.
In this case, the most appropriate response is to close the page's tab from the browser's tab button. In Safari on the iPhone, tap the tab icon of two overlapping squares at the lower right, then tap the "×" displayed at the upper left of the tab you want to close. Most fake alert pages are, mechanically, just simple web pages, so once the page itself is closed there is no danger.
However, it is not hard to imagine that fake alerts like these will keep appearing in ever-changing forms. As users, we should eliminate the risk of harm by responding calmly if we encounter this situation.
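The back-button trap described above leaves a recognizable pattern in web proxy logs: the same client lands on the same page through redirects several times in quick succession. The following Python detector is an added example, not code from the original article; the log record layout, the hosts (reserved `.example` names) and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample proxy records: (epoch seconds, client, URL, HTTP status, Location header).
# All hosts are placeholders under the reserved .example TLD.
SAMPLE_LOG = [
    (100, "10.0.0.5", "http://news.example/story", 200, None),
    (101, "10.0.0.5", "http://ads.example/click", 302, "http://hop1.example/r"),
    (101, "10.0.0.5", "http://hop1.example/r", 302, "http://hop2.example/r"),
    (102, "10.0.0.5", "http://hop2.example/r", 302, "http://alert.example/scan"),
    (102, "10.0.0.5", "http://alert.example/scan", 200, None),
    # User taps Back: the browser revisits a hop, which bounces forward again.
    (110, "10.0.0.5", "http://hop2.example/r", 302, "http://alert.example/scan"),
    (110, "10.0.0.5", "http://alert.example/scan", 200, None),
    (115, "10.0.0.5", "http://hop1.example/r", 302, "http://hop2.example/r"),
    (115, "10.0.0.5", "http://hop2.example/r", 302, "http://alert.example/scan"),
    (116, "10.0.0.5", "http://alert.example/scan", 200, None),
    # Benign: a single http -> https redirect, seen once.
    (120, "10.0.0.9", "http://shop.example/", 301, "https://shop.example/"),
    (120, "10.0.0.9", "https://shop.example/", 200, None),
]

REDIRECTS = {301, 302, 303, 307, 308}

def landings(log):
    """Yield (client, landing_url, hops, time) for each redirect chain that ends on a page."""
    pending = {}  # client -> (URL the next request must match, hops so far)
    for ts, client, url, status, location in sorted(log, key=lambda r: r[0]):
        expected, hops = pending.pop(client, (None, 0))
        if url != expected:
            hops = 0  # this request does not continue a redirect chain
        if status in REDIRECTS and location:
            pending[client] = (location, hops + 1)
        elif hops:
            yield client, url, hops, ts

def find_back_button_traps(log, window=60, min_repeats=2):
    """Flag (client, landing) pairs reached via redirects min_repeats+ times within window seconds."""
    seen = defaultdict(list)
    for client, url, hops, ts in landings(log):
        seen[(client, url)].append((ts, hops))
    flagged = {}
    for key, hits in seen.items():
        times = [t for t, _ in hits]
        if len(hits) >= min_repeats and times[-1] - times[0] <= window:
            flagged[key] = {"repeats": len(hits), "max_hops": max(h for _, h in hits)}
    return flagged
```

A single redirect seen once, such as the HTTP to HTTPS upgrade in the sample, is not flagged; only repeated redirected arrivals at the same landing page are.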
iPhone vulnerabilities and countermeasures
Even the iPhone, which is said to be highly safe, is at risk from vulnerabilities. Here we introduce specific vulnerabilities and countermeasures.
・ Jailbreak
Apple, the provider of the iPhone, is known for its strict security requirements in app development. This stance has paid off in robust security, but in the past that strictness also restricted what apps could do. As a result, some users modified the OS so that they could install apps without going through the App Store. This act is called "jailbreaking". Jailbreaking makes it possible to do things that are normally prohibited.
However, jailbreaking and installing unofficial apps dramatically increase the risk of malware infection. In addition, because operation may become unstable, an iPhone with a history of jailbreaking is not eligible for support, so it cannot be repaired even if it fails. In recent years the iPhone's functionality has expanded and the benefits of jailbreaking are smaller than before; given the risks taken on in exchange, casual jailbreaking is not recommended.
・ Zero-day attack
A zero-day attack is an attack that exploits a vulnerability that has not previously been recognized. Although those involved in iPhone development work to find vulnerabilities every day, vulnerabilities continue to be discovered intermittently, which may simply be the nature of software. When a high-risk vulnerability is found on the iPhone side, or when a zero-day vulnerability is found to have been used in attacks, patches for the OS and apps are distributed promptly.
As a user, make sure that "Automatic Updates" under "Software Update" is turned on in the iOS Settings. Also, when an update for an app is distributed on the App Store, it is a good idea to apply it promptly.
・ Supply chain attack
There are two kinds of supply chain attack: those that get in through business relationships between companies, and those that get into the development process of software and apps. It is the latter kind that affects the iPhone: malware is planted in software used as a development environment and thereby ends up built into the finished software. Although apps are checked for suspicious behavior when they are registered on the App Store, some malware hides by showing no suspicious behavior at review time.
Users should recognize that an app is not rock-solid just because it has passed App Store review, and should delete suspicious and unnecessary apps as appropriate.
Zero-click? A new threat to the iPhone
As smartphones have become indispensable to everyday life, attacks targeting them are increasing year by year. The iPhone is not exempt from that risk. The fact is that there is no way to defend against clever attack methods such as the zero-day attacks and supply chain attacks mentioned earlier.
Recently, spyware called "Pegasus" has become a hot topic in the security industry. This spyware is said to infect iPhones running iOS 14.6 or earlier and to act maliciously by secretly transferring messages and photos stored on the device or recording calls.
The infection method is also troublesome: by sending specific "message" data to the targeted iPhone, the attacker causes the OS itself to behave abnormally so that it downloads and launches the malware. It is thought to have been installed by exploiting a so-called zero-click vulnerability.
The vulnerabilities that Pegasus abused have already been addressed in the latest version of the OS, but the appearance of variants cannot be ruled out. In the end, users are required to take measures as needed.
Just as driving a car always involves some kind of risk, using an iPhone always means facing various risks. As a user, stay informed about current attack methods and the risks associated with them, and keep taking appropriate measures to protect yourself.