Tuesday, January 17, 2023

Keyloggers and malware on iPhones and iPads

A customer of a financial institution recently contacted us stating that their iPad was not being accepted by their bank for app installation due to alleged malware on it. They wanted to know our advice for the best next steps they could take. We've taken this opportunity to write up our opinions on such a situation, as it's not as uncommon as many may think.

Such an allegation from a bank or other similar body can understandably cause distress, but there are a couple of simple steps one can take to drastically reduce the likelihood of your device being out of your own control.

The first step that should be taken is to factory reset the device from within iOS itself. At the time of writing this article, Apple has a handy guide in their Help Centre titled 'Erase iPhone' which should cover all circumstances of this essential procedure. While Apple offers two alternative procedures on this Help page, it's essential to note that there is a distinct difference between the two.

Using the device to erase itself is usually sufficient to remove unwanted software from the unit. This is the most useful method to reset the device when one's on the road or does not have any other computing equipment to perform the alternative.

Use Settings to erase iPhone

  1. Go to Settings > General > Transfer or Reset iPhone.
  2. Do one of the following:

  • Prepare your content and settings to transfer to a new iPhone: Tap Get Started, then follow the onscreen instructions. When you finish, return to Settings > General > Transfer or Reset iPhone, then tap Erase All Content and Settings.
  • Erase all of your data from iPhone: Tap Erase All Content and Settings.

A known good working computer can be used in conjunction with macOS (10.15 or above) or Apple's iTunes software (on macOS 10.14 and below, or Microsoft Windows, with iTunes installed) to reset the device. This method requires an appropriate cable for computer-to-device communications.

Use a computer to erase iPhone

You can use a Mac or Windows PC to erase all data and settings from your iPhone, restore iPhone to factory settings, and install the latest version of iOS.

  1. Connect your iPhone to your computer with a USB or USB-C cable. You may also need an adapter. See Connect iPhone and your computer with a cable.
  2. Turn on your iPhone.
  3. Do one of the following:

  • On a Mac (macOS 10.15 or later): Click the Finder icon in the Dock to open a Finder window, click the iPhone button in the Finder sidebar (below Locations), click General at the top of the window, then click Restore iPhone.
  • On a Mac (macOS 10.14 or earlier) or a Windows PC: Make sure you have the latest version of iTunes (see the Apple Support article Update to the latest version of iTunes). Open iTunes, click the iPhone button near the top left of the iTunes window, click Summary, then click Restore iPhone.

The first method (which we'll call 'Self Erase') requires that the device itself has not been modified in such a way that malware detects the attempt to reset and bypasses it, thus leaving the infection onboard. While the second method ('Host Erase') also runs this possibility, running it from an up-to-date copy of the software on a computer makes it far less likely for the reset to be bypassed. However, in this case, it's essential that the computer itself is known to be working in good order.

While it's practically impossible to verify that any computer system is not infected with malware or a virus, it's also practically possible to be very confident that it is not infected with such. For example, any random computer straight off the shelf at a big box retailer, still in its factory case, is far less likely to have unwanted software than one purchased second-hand at the local swap meet.

There are further steps that can be taken to interrogate the data on a suspicious iPhone or iPad device; these are generally discussed in public due to legal reasons. Suffice it to say that if you suspect there's data on the device that needs to be traced back to an origin point (for example, a business dispute that involves alleged fraud).

If you're in need of assistance in ensuring that your iPhone or iPad has been properly reset, please don't hesitate to contact sysrq associates today to organise a strategy to maintain control of your digital life.
