iPhone and iPad Security

How to Fix 5 Common iPhone & iPad Security Threats

Dan Price 26-01-2016

Unfortunately, the days of Apple devices being “bullet-proof” from various security threats are long gone.


Although it’s true that they are probably still more secure than Android, the gap is rapidly narrowing. Issues such as the iCloud celebrity photo hack, the Find My Phone hijacking scam, and a growing number of malware threats have all undermined confidence in the ecosystem.

It is now more important than ever for iPhone and iPad owners to know about which threats they could encounter, and how to fix them if the worst happens.

We take a look at some of the most common:


XcodeGhost

What is it?

XcodeGhost was first discovered in the fall of 2015 in China. It is based on a malicious version of Xcode (Apple’s official app development tool), with developers unwittingly using XcodeGhost rather than Apple’s official version for compiling apps.

Those apps were then released into the App Store, passed through Apple’s code review process, and were ultimately downloaded by end-users.


Luckily for European and North American users, most of the affected apps are located in China – though some apps (such as popular business card scanner CamCard) are available in global stores. Between 40 and 350 apps have been affected, depending on whose research you read. One of those apps was the highly popular Angry Birds 2, though Rovio quickly released a patch.

How Can it Affect You?

Apps that have been infected with XcodeGhost can collect information about devices and then encrypt and upload that data to the attacker’s servers. Collected data includes the app’s bundle identifier, the device’s name and type, the system’s language and country, the device’s UUID, and the network type.

Research also discovered that the malware could issue a fake alert to phish user information, hijack the opening of URLs, and write data into the user’s clipboard.

How Can You Fix It?

In the aftermath of the discovery, Apple issued the following statement:


“We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

If you notice suspicious behavior while using your device, you should immediately check the various lists of affected apps that can be found online. Delete any compromised apps, and change all your passwords.

Masque Attack

What is it?

Masque Attack was discovered by US-based security firm FireEye in late 2014.

The attack works by emulating and replacing legitimate apps that are already installed on the device, with users lured into downloading a seemingly legitimate app from outside of the App Store. This hook could take the form of a link to an “updated” app in a text message, a WhatsApp message, or an email.

Once the link is clicked, the malware will install a malicious version of the app over the original by using iOS enterprise provision profiles – thus making detection almost impossible for the average user.


Detection is further complicated by the fact both the real App Store version and the malicious version use the same bundle identifier.
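Because the bundle identifier alone cannot tell the two builds apart, a defender has to compare how each installed app was signed. The following is an added example, not part of the original article: it scans a constructed app inventory (the record fields, team IDs and bundle IDs are all hypothetical, standing in for whatever a device-management export provides) and flags installs that fit the Masque pattern.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class InstalledApp:
    device: str
    bundle_id: str
    signer: str    # hypothetical field: "app_store", "enterprise" or "development"
    team_id: str   # hypothetical field: signing team reported by the inventory

# Bundle IDs that should only ever arrive from the App Store (constructed).
APP_STORE_BUNDLE_IDS = {"com.example.bank", "com.example.mail"}
# Team IDs of the organisation's own enterprise-signed apps (constructed).
TRUSTED_ENTERPRISE_TEAMS = {"TEAMCORP01"}

def masque_findings(apps):
    """Return (device, bundle_id, reason) for installs that fit the Masque pattern."""
    findings = []
    for app in apps:
        if app.bundle_id in APP_STORE_BUNDLE_IDS:
            # Same bundle identifier as a store app, but not the store build:
            # this is the replacement the article describes.
            if app.signer != "app_store":
                findings.append((app.device, app.bundle_id,
                                 "store bundle ID, non-store signer"))
        elif app.signer == "enterprise" and app.team_id not in TRUSTED_ENTERPRISE_TEAMS:
            # Enterprise-provisioned app from a team nobody approved.
            findings.append((app.device, app.bundle_id,
                             "enterprise app from unknown team"))
    return findings

# Constructed sample inventory.
SAMPLE_APPS = [
    InstalledApp("ipad-07", "com.example.bank", "app_store", "TEAMBANK01"),
    InstalledApp("iphone-12", "com.example.bank", "enterprise", "TEAMUNKN99"),
    InstalledApp("iphone-12", "com.corp.timesheet", "enterprise", "TEAMCORP01"),
    InstalledApp("iphone-31", "com.example.comics", "enterprise", "TEAMUNKN99"),
]

if __name__ == "__main__":
    for device, bundle_id, reason in masque_findings(SAMPLE_APPS):
        print(f"{device}: {bundle_id}: {reason}")
```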

How Can it Affect You?

According to FireEye, the risk is huge. Masque Attack could override banking and email apps and steal banking credentials, the original app’s local data (such as cached emails and login-tokens), and untold amounts of other private and confidential data.

How Can You Fix It?

Apple’s response was to claim that Masque Attack wasn’t really a threat as so few users had been affected:

“We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps.”

If you have been unlucky enough to fall victim, simply deleting the malicious app and reinstalling the official version from the App Store will fix the problem.



WireLurker

What is it?

Less than a month prior to the Masque Attack revelations, Trojan horse WireLurker was unearthed.

Like XcodeGhost, the hack originated in China. It had been operational for more than six months before its discovery, and upon its detection it was heralded as “a new era in malware attacking Apple’s desktop and mobile platforms” by Palo Alto Networks.

The virus was inserted into pirated Mac OS X software and was then transferred to iDevices via a USB connection. It was impossible for the Trojan to move from iOS device to iOS device directly.

After being downloaded more than 415,000 times, it holds the dubious distinction of being the largest outbreak of iOS malware on record.

How Can it Affect You?

The attack could target both jailbroken and non-jailbroken devices.

If installed on a jailbroken device, WireLurker can use parts of the Cydia system to steal personal details, address books, and the victim’s phone number. It would then use Cydia to infect other apps and install additional malicious software.

If installed on a non-jailbroken device, the Trojan would exploit the enterprise provisioning system by invisibly installing a security profile within the Settings app. This would allow it to install a third-party comic book app without the user’s consent.

How Can You Fix It?

The good news is that if run on a non-jailbroken device, the Trojan is benign. Sadly though, whether you’re jailbroken or not, the only way to remove the problem is to wipe your iDevice.

Before doing that you first need to ensure your Mac is not compromised – otherwise you will re-infect your iOS device as soon as you reconnect it to your machine. Thankfully, Palo Alto Networks have released a Python script that removes any trace of WireLurker. The script can be found on GitHub.

Once that’s done, navigate to Settings > General > Reset on your iOS device. Select Erase All Content and Settings and restart your device. You will need to set up your device again, but all signs of the Trojan will be gone.

SSL Flaw

What is it?

In early 2014, a vulnerability in Apple’s SSL (Secure Sockets Layer) code was discovered. For those that don’t know, SSL is one of the technologies used to create secure connections to websites.

The problem arose from a coding error, thought to have been introduced ahead of the launch of iOS 6.0. The error meant that a key validation step was bypassed, thus allowing unencrypted data to be sent over public Wi-Fi hotspots.

How Can it Affect You?

Because the data was unencrypted, it was extremely easy for hackers to intercept and read passwords, bank details, personal information, and other private data. This information could then be used for nefarious purposes.

The problem was only apparent when using public hotspots; secured, encryption-enabled Wi-Fi networks, such as home and business networks, were not affected.

How Can You Fix It?

If you’re the type of person who never upgrades their operating system, you could be in trouble.

It’s easy to check: navigate to Settings > General > Software Update. If you’re using any iOS version prior to 7.0.6 you are exposed. If you have an older iDevice that cannot be updated to iOS 7 (for example, the iPhone 3GS or iPod Touch 4G), you need to make sure you are running at least iOS 6.1.6.

The problem is also apparent on Macs. You need to be running at least 10.9.2. If you are using anything prior to that, avoid using Safari to browse the web.
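For anyone checking more than one device, the same thresholds can be applied to an inventory. This is an added example, not part of the original article; the device names and inventory are constructed, and it treats iOS 6.1.6 as the fixed build for the iOS 6 line, as the article does for devices that cannot run iOS 7. Versions are compared as number tuples because comparing them as strings would rank "10.10" below "10.9".

```python
# Fixed versions as stated in the article.
IOS7_FIXED = (7, 0, 6)
IOS6_FIXED = (6, 1, 6)   # for devices that cannot be updated to iOS 7
OSX_FIXED = (10, 9, 2)

def parse_version(text):
    """'7.0.4' -> (7, 0, 4); short versions such as '7.1' are padded to (7, 1, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def is_exposed(platform, version):
    """True if the reported OS version is older than the fixed release."""
    v = parse_version(version)
    if platform == "ios":
        # iOS 7 and later are measured against 7.0.6, older lines against 6.1.6.
        fixed = IOS7_FIXED if v[0] >= 7 else IOS6_FIXED
        return v < fixed
    if platform == "osx":
        return v < OSX_FIXED
    raise ValueError(f"unknown platform: {platform!r}")

def exposed_devices(inventory):
    """Return the names of devices still running an exposed version."""
    return [name for name, platform, version in inventory
            if is_exposed(platform, version)]

# Constructed sample inventory: (device name, platform, OS version).
SAMPLE_DEVICES = [
    ("iphone-5s", "ios", "7.0.4"),
    ("iphone-3gs", "ios", "6.1.6"),
    ("ipod-touch-4g", "ios", "6.1.3"),
    ("ipad-air", "ios", "7.1"),
    ("macbook-01", "osx", "10.9.1"),
    ("imac-02", "osx", "10.10"),
]

if __name__ == "__main__":
    print(exposed_devices(SAMPLE_DEVICES))
```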

Lock Screen Bypass

What is it?

Lock screen bypasses are nothing new. Android phones have been afflicted by them in the past, and Apple’s iDevices were also exposed in March 2013.

In September 2015, however, a new bypass arose on iOS devices. It will allow hackers to gain access to a phone’s iMessage app, contacts, and photos without entering any verification.

The process is very simple; enter an incorrect password four times, and after the fifth time, hold the Home button. When Siri opens, use it to open the clock. When presented with the clock press + to access search, and from there access the data.

How Can it Affect You?

Only devices protected by four- or six-digit passcodes are vulnerable to the hack; if you use a longer alphanumeric password, you will remain unaffected.

Thankfully, access is partially limited and not all of iOS’s systems are “in-play”. Nonetheless, people regularly take screenshots of private information such as bank statement screens, flight details, and various personal accounts. All of this would be viewable.

How Can You Fix It?

There are three obvious solutions.

Firstly, you should immediately change to an alphanumeric password. Secondly, you can prevent Siri from being accessed from the lock screen (Settings > Touch ID & Passcode > Allow access when locked > Disable). Finally, you should always ensure you are running the latest version of the operating systems so that flaws are fixed as soon as patches become available.

Have You Been Hacked?

Have you been unlucky enough to fall victim to any of the hacks we mentioned? Perhaps you know about some other dangerous hacks that are more aggressive than the ones we covered?

As always, we’d love to hear from you. You can get in touch via the comments section below.

Image Credits: Bloody hands by RAYBON via Shutterstock
