Apple recently revealed that several iPadOS and iOS security flaws lead to an unknown number of devices being remotely accessed by cyber attackers. iPhone and iPad users are urged to upgrade to iOS 14.4 as soon as possible to avoid any incidents. You can find more details about which iOS components caused the issues below.
Afterward, we’ll be taking a look at three valuable tips to secure your Apple devices from hackers – one of the most important being to encrypt your private data with a first-class iPhone VPN (such as these ones: https://proprivacy.com/vpn/comparison/best-iphone-vpns).
Before that, here’s what’s happening with iOS.
Serious iOS Security Flaws in 14.3
While iOS 14.4 provided a lot of miscellaneous security fixes (as seen from Apple’s support documentation), three stand out in particular. Why? Well, Apple doesn’t typically announce when issues have been “actively exploited” in their patch notes. Whether the vulnerabilities have had any wide-reaching effects or significant impact on users remains to be seen.
First on the list is an exploit that directly affects the iOS kernel (the core of the operating system). According to Apple, the fix provided in iOS 14.4 prevents malicious apps from elevating their access privileges. In other words, hackers could have used the security hole to make their apps do things they’re not supposed to. Say, a simple drawing app suddenly gains access to your contact info, login details, and other sensitive info.
Another two dangerous issues were found with WebKit, Safari’s browser engine – both of which could allow attackers to execute malicious code remotely. Basically, hackers could take control of your iPhone or iPad just by being on their websites. No need to download or tap on anything.
It’s similar to what happened in 2016, when the New York Times, the BBC, and other major websites were hit by a ransomware attack. Anyone that even viewed the advertising on these websites would have their hard drives encrypted until they paid a ransom in Bitcoin. Thankfully, this wasn’t the case with the iOS security flaws in 14.3.
In any case, let’s see what you can do to secure your Apple devices.
#1 Get a Decent iOS VPN
If there’s one app you should get for your iPhone, it’s a VPN. As mentioned, these apps encrypt your network data – which essentially means that data is scrambled until it becomes unrecognizable without the correct key to decrypt it. But as opposed to that one ransomware attack, VPNs do it to prevent hackers from harvesting your private info.
You’ll definitely need one if you tend to use public Wi-Fi a lot. And who doesn’t love free Wi-Fi, right? Hackers are especially fond of it, as they can use man-in-the-middle attacks and similar techniques to read your data. Such attacks aren’t as prevalent as ransomware or phishing (which we’ll cover in a sec), but it’s worth covering all your bases.
Another great use for VPNs is to mask your browsing activity and real life location, making them unreadable by Internet providers. Considering ISPs are looking to sell your information to the highest bidder, you can see why VPNs have become a necessity nowadays.
Just make sure you’re using a trusted no-logs iPhone VPN (like those linked at the start of the article). Otherwise, you run the risk of having your browsing and location data sold by free VPNs. Or worse, have it leaked online – just as 20 million people experienced in July 2020. Back then, seven free VPNs operating out of Hong Kong leaked user data they claimed they weren’t logging.
#2 Turn off AutoFill
While it’s pretty convenient to not have to remember all your passwords or your credit card info, AutoFill is also a huge security risk. In case a hacker somehow manages to take control of your device – such as through a security exploit like those described above – they now have access to all of your login information and potentially your payment info.
The same applies if you lose or have your device stolen. On a related note, don’t underestimate the power of a good, six-number passcode.
To turn off AutoFill, all you need to do is go to Settings > Safari > AutoFill and disable the options to save your contact and credit card info. For passwords, you can turn off the option by heading to Settings > Passwords.
#3 Beware of Suspicious Links and Attachments
We’re sure you’ve seen this a million times, but it’s worth repeating anyway. Even more so, considering Google has registered over two million phishing domains in 2020 alone – a whopping 20% increase compared to 2019.
What is phishing, you ask? Easy: scam emails and websites meant to “bait” people into handing over confidential data to cyber attackers. The current trend is fake Coronavirus emails and websites, for obvious reasons. Hackers find it easy to prey on people’s fears, and Covid-19 is a good example of that.
Now, most of these scams are immediately recognizable due to the poor grammar and formatting. Of course, some of them can be pretty convincing. One good way you can distinguish a fake email from a real one is that most online services will refer to you by name or by account name. Fraudulent emails usually start off with a vague “Dear Client/ Customer/ Sir/ Madam” – anything along those lines.
Then again, some attackers actually thoroughly research their victims. You may run into situations where they refer to you by name, as well as provide information only you would know – in order to gain your trust. This is called spear phishing, and it’s much easier to fall prey to such a scam.
Fortunately, there’s one way to confirm whether the email is real or not. Say you receive an email from your bank, PayPal, or others. For one, these companies will never ask for personal information. But just in case the info request turns out to be real, all you need to do is manually type in the service’s website.
Even better, bookmark their websites so you don’t accidentally type the name of a phishing domain. Once you’re logged in, you should be notified whether you need to update your information for whatever reason.