Hacked via your calendar?

Someone asked me, "I think I have a virus on my iPhone. Could you take a look?"

I was surprised. I did not think viruses were technically possible on iOS devices.

I agreed to help.

I asked, "What did you notice that makes you think you have a virus?"

This person replied, "I started seeing pop-ups telling me I was hacked."

I pondered the response. "What app were you using?"

"I was using the Google app."

"Do you remember what you were doing there?"

"I searched for a former president's name and clicked the search result. It didn't take me to a website. Instead, it took me back to the Google search page."

I pondered the response. How could searching a president's name get oneself hacked?

"Look!" this person said. "The pop-up is there."

I looked at the phone and saw it was a calendar reminder notification. Interesting!

I opened the calendar app and saw calendar entries with scary titles and links to potential phishing sites.

Hacking through someone's calendar?! These malicious actors are incredibly clever.

I removed the subscribed calendar account and asked this person to clear the cache from all the web browsing apps.

I used my own device to find out how this was possible. I found an article that explains it. (See the link below). Turns out this is a relatively new attack vector.

https://macsecurity.net/view/333-iphone-calendar-events-spam

I asked, "Do you remember clicking some alert when you were browsing the web?"

"Well, yes. I got an alert. It had a button that said, 'Okay, got it." So, I clicked it. I don't remember what it said."

I suppose this person clicked a malicious pop-up alert that subscribed the calendar to a malicious shared calendar.

Fortunately, this person did not click on any of the calendar notifications. The bad news, this event reminded me that cyber defenders could continue to be behind the cyber attackers. I would not have considered an attack via a calendar app.

Stay secure,

Miguel


Photo by Estée Janssens on Unsplash


Miguel A. Calles MBA released this post 3 days early for patrons. Become a patron

Become a patron to

2
Unlock 2 exclusive posts
Listen anywhere
Connect via private message