The Support desk of Lookout, a mobile security company, has discovered scammers using a “scareware” campaign, which locks out victims from using the browser, unless the victim pays the attacker money in the form of an iTunes Gift Card, in which case the attack blocks use of the Safari browser on iOS.
A user running Apple's iOS 10.2 reported that they lost control of Safari after visiting a website and was no longer able to use the browser. An endless loop of pop-ups effectively locks up the browser, thus preventing the victim from using Safari. The user reported seeing messages that said “Your device has been locked…” or “…you have to pay the fine of £100 with an iTunes prepaid card”.
Users can restore functionality of the browser by clearing the cache in iOS Settings. The attack doesn't encrypt any data or hold it ransom. During the attack, threatening messages were displayed in an attempt to use fear as a factor to trick victims into paying before realising they don't have to pay the ransom to recover data or access the browser.
As part of the iOS 10.3 patch, Apple closed the attack vector by changing how Mobile Safari handles pop-up dialogues. Based on its code, the attack seems to have been developed for older versions of iOS, such as iOS 8.
Users are encouraged to protect their iOS devices against this attack by updating their operating system to 10.3.
Andrew Blaich, security researcher at Lookout told SC Media UK: "This kind of scareware can be effective when used on people who do not have the expertise to notice the difference in the validity of the threat. The knee-jerk reaction to pay the fine to get rid of the problem could cost businesses money. This is why employee education to understand and protect against mobile threats is important. Mobile attacks are becoming more prevalent and sophisticated in their nature, which it is why knowledge is critical to determine what is real and what is not."