Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

iOS Scareware Campaign Abuses Safari Vulnerability

One of the vulnerabilities addressed by Apple this week with the release of iOS 10.3 has been being abused by scammers to execute a scareware campaign, Lookout researchers warn.

One of the vulnerabilities addressed by Apple this week with the release of iOS 10.3 has been being abused by scammers to execute a scareware campaign, Lookout researchers warn.

The mobile security firm discovered that cybercriminals were abusing the handling of pop-up dialogs in Mobile Safari in a way that allowed them to lock victims out of the browser. Attackers extorted money from their victims, demanding iTunes Gift Cards and were displaying threatening messages to the victims, in an attempt to scare them into paying.

The issue, Lookout explains, was that the manner in which Mobile Safari was handling website pop-up dialogues affected the entire application rather than only the tab in which the site was opened. Starting with iOS 10.3, these dialogues can no longer affect the entire app.

By blocking the browser, the attackers were attempting to scare users into believing their data has been encrypted, but the attack could be easily thwarted. Any knowledgeable user could simply head to the iOS settings and clear the browser’s cache to restore functionality.

Conducted via several related websites, the attack was discovered last month, when a user reported losing control of Safari after visiting a web page. An overlaid “Cannot Open Page” dialog from Safari prompted the user to tap OK, but the dialogue would reappear in an infinitive loop. A “Your device has been locked…” also appeared.

The attack was contained within the app sandbox and no exploit code was being used, but attackers effectively abused fear as the main factor of convincing victims to pay before they realized there was no actual risk.

“The scammers registered domains and launched the attack from the domains they owned, such as police-pay[.]com, which the attackers apparently named with the intent of scaring users looking for certain types of material on the Internet into paying money. Examples range from pornography to music-oriented websites,” the researchers explain.

Lookout determined that the attack appears to have been developed for older versions of iOS, but the abuse of pop-ups in Mobile Safari was still possible until iOS 10.3. Apple has patched the issue in a way that prevents similar pop-ups from blocking the entire application. This means that users can now close a tab that is misbehaving.

Advertisement. Scroll to continue reading.

The security content of iOS 10.3 included patches for 83 other vulnerabilities. Additionally, Apple patched flaws in macOS, watchOS, tvOS, Safari, and various macOS and iOS software.

Related: Hackers Can Intercept Data From Popular iOS Apps

Related: Bug Allows Activation Lock Bypass on iPhone, iPad

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...