Gadgets

Why the iOS 14.4 Update Isn’t Enough Against Hackers

Hacker, Www, Binary, Internet, Code

You’ve probably heard that hackers have actively exploited some security issues in iOS 14.3. As always, Apple didn’t provide many details about the issues – such as the scale and severity of the attacks, or whether you should be worried about your private data being compromised. All you can do right now is quickly update your iOS devices and wait for a more in-depth statement on the matter.

Meanwhile, we’ve prepared some VPNs for iOS you should try out as a useful measure against further cyber attacks. That, and several other cyber security tips so you can cover all your bases. After all, iOS 14.4 may have fixed a few issues, but new threats will always pop up.

In any case, let’s take a look at how hackers managed to compromise some user devices before the latest patch.

Details on the iOS 14.3 Security Flaws

First off, the big one: an issue that affected the kernel (or core) of iOS and iPadOS. According to Apple’s support documents, hackers have used this vulnerability in the system to elevate privileges for certain apps. This would allow apps to do things they aren’t supposed to – like access contact, login, and payment info.

Two other issues on the “actively exploited” list were found in WebKit, the browser engine powering Safari. Basically, hackers could execute some scripts on malicious websites which would allow them to take control of your device. Presumably, victims end up accessing those malicious pages as a result of a phishing attack (which we’ll cover in more detail later).

Of course, without further details from Apple, this is all just speculation. The tech giant always keeps such information under wraps until most affected devices have been patched. Remember to update yours, and scroll on for some more anti-hacking advice.

How Useful Is an iOS VPN Against Hackers?

While it’s true that Apple takes the privacy and security of their users more seriously than other providers, such security breaches prove they’re not infallible. As such, you’ll need to take extra precautions to protect your data against any type of cyber threats out there.

Now, VPNs add an extra layer of encryption to any network data that passes through your device(s). Encryption is basically a fancy way of saying that your online activity is scrambled in such a way that the only ones able to read it are those with the correct key to decrypt it.

How exactly does this help? Well:

  • Hackers can no longer use man-in-the-middle attacks and similar exploits to harvest any sensitive data.
  • Similarly, you’ll be well-protected on unsecured (“free”) public Wi-Fi, where hackers can easily eavesdrop on your online activity. At the same time, you won’t be affected by so-called “Evil Twin” attacks, fake Wi-Fi hotspots run by hackers.
  • Finally, your ISP will no longer be able to sell your browsing and location data to advertising companies for their own gain.

Moreover, VPNs mask your actual IP address (and thus your real life location). This adds an extra bit of privacy and allows you to bypass geo-blocks (e.g. watch Netflix shows not available in your area). The best part is that you can avoid online censorship in restrictive countries like Russia, China, and others. Not to mention stay “under the radar” from their massive online surveillance networks.

Warning: Free VPNs Are Bad News

All that being said, don’t immediately latch onto the first free iOS VPN out there. Most of them will sell your data (completely legal, as long as they disclose their partners), rendering them useless for privacy. A group of researchers also found that many free VPNs on the App Store still aren’t following App Store Review Guidelines, even though the issue has been brought to light quite a while back.

That’s not the worst of it, though. Just last year, seven free VPNs leaked the personal data of 20 million people online. Login and payment info, real life addresses, and a lot more sensitive info could be found amongst the leaked data. Probably not worth it just to save money on a subscription.

Moving on, here’s what you can do to boost your security without the need for third party apps.

Turn Off AutoFill Passwords & Payment Data

Let’s say your iPhone is compromised because of a security hole similar to the ones discussed above. You can still minimize how much damage hackers can do. How? By not saving critical data on your phone for the sake of convenience.

Head over to Settings > Passwords, then Settings > Safari > AutoFill and disable the password and payment-saving features. You’ll need to manually type that info in each time, but at least your accounts are safe – especially if your phone gets stolen while it’s still unlocked.

Enable Two-Factor Authentication (2FA)

Any security expert worth their salt will tell you that passwords are inadequate as a security measure. Sure, the more complex they are, the less likely they can be brute-forced. However, one data leak later and your randomized 24-character password is up for grabs by anyone with access to dark web marketplaces. Ideally, you should use hardware-based 2FA, but even systems that use SMS text messages are better than nothing.

Phishing Attacks: Your Greatest Threat

Hackers are human too, so they will usually try to minimize the effort they put into stealing your data. As such, it’s more likely you’ll deal with phishing scams (fake websites and suspicious email attachments) than the “hacking” you see in thriller and sci-fi movies. Coronavirus-based scams are the current trend, with Google registering over two million phishing websites in 2020, as well as blocking 18 million Covid-19 related emails a day.

Fortunately, it’s not that difficult to prevent phishing attacks as long as you know what you’re up against. Here are some quick warning signs of a phishing email.

  • Email subject creating a sense of urgency: “Immediate action required”, “Account locked”, etc.
  • Misspelled words and poor formatting.
  • Using nondescript introductions such as “Dear user/ client/ customer” instead of your real name or account name.
  • Outright asking for personal information such as payment details, passwords, and so on.

As you’ve seen, hackers can exploit iOS security flaws to take control of your device by simply visiting affected websites. To avoid such issues, bookmark any sensitive pages (like PayPal or your home banking service) and access them through the bookmark link. That way, you don’t need to follow any suspicious links to “update your account information.” Nor do you have to worry about misspelling a website name and stumbling upon a phishing domain created to steal your data (e.g. paypa1.com).