Intego Mac Security Podcast

Text Scams, Clickless iPhone Malware, and Forgetful Browsing – Intego Mac Podcast Episode 296


Apple’s forthcoming operating systems have many new features to enhance security and privacy. We look at some of these, and we talk about text scams, Minecraft mods, and how 5G hasn’t lived up to the hype.

Transcript of Intego Mac Podcast episode 296

Voice Over 0:00
This is the Intego Mac Podcast–the voice of Mac security–for Thursday, June 15, 2023.

Text scams are on the rise as the bad guys try to engage you via text messaging. We’ll tell you what to look out for. Malware has been found in several Minecraft Mods, those add-ons and plugins that are popular with lots of Minecrafters. And a look at some of the new security and privacy features included in Apple’s newest operating system announcements. Now, here are the hosts of the Intego Mac Podcast: veteran Mac journalist, Kirk McElhearn. And Intego’s chief security analyst, Josh Long.

Kirk McElhearn 0:44
Good morning, Josh, how are you today?

Josh Long 0:46
I’m doing well. How are you, Kirk?

Kirk McElhearn 0:48
I’m doing just fine. We’re one week out from the WWDC. Have you ordered anything new yet?

Josh Long 0:54
No, I don’t particularly need new hardware at this point in time. I like some of the new hardware that came out with but you know, don’t really have a need for it right now.

Has the Open Core Legacy Patcher been updated for macOS Sonoma?

Kirk McElhearn 1:02
So you have some news, you want to mention, you’re very happy that your 20th century iMac will be able to run macOS Sonoma.

Josh Long 1:09
Well, okay, not quite 20th century. But yes, I have a mid-2007 iMac that I’ve upgraded several times to the latest version of macOS, even though Apple has not supported it for a very long time at this point. The Open Core Legacy Patcher is developed by a small team of independent researchers, people who just like tinkering with the operating system and getting it working on older hardware. And this has become sort of a community of people who like running old hardware or don’t have the money, whatever other reason, they don’t want to upgrade to the latest hardware just to run the latest operating system. I’m very happy about this, that this project exists because it means that if you don’t have the money to buy new hardware, you still have the option to upgrade to the operating system that’s getting all of the security updates that Apple is releasing, as we’ve talked about many times. If you’re running even one version behind on macOS, even though Apple technically is still releasing patches for it, they’re not patching every vulnerability. So this is a good thing. Now macOS Sonoma, there’s no support for it yet. Obviously, the developer beta just came out. And so the Open Core Legacy Patcher team is working on bringing macOS Sonoma compatibility, they’re hoping that it’ll be within six-ish months. But it remains to be seen exactly when it will be supported.

Kirk McElhearn 2:35
So it probably won’t be in time for the launch of Sonoma.

Josh Long 2:39
Well, they kind of thought that last year too, though. And it really within, I think, a few weeks of macOS Ventura coming out, they did support it pretty quickly.

Kirk McElhearn 2:48
Is this community also people who like to run old Macs just for the sake of running old Macs, like people buy old cars and fix them up?

Josh Long 2:56
I think so. I think there’s definitely an element of that. Yeah. Mr. Macintosh, is somebody who has a popular YouTube account, and he talks about all of these this like old hardware, he gets really excited about this, he releases these long videos talking about Open Core Legacy Patcher, and all the new tweaks and things that come out in each new version of it. There’s definitely a big community for it.

Text scams are on the rise

Kirk McElhearn 3:21
That worked out really well for him that his name is Macintosh, and he’s into Mac computers. Okay, we want to talk about text scams and text scams cost US consumers about $330 million in 2022. Now, when Josh said to me before the show “$330 million,” I said, “Well, that’s not a lot. That’s like $1 per person.” But if you’re the one who got hit for $330 million, that’s a lot of money. It’s somewhere in between these text scams that are like, you get a text message, call this number, this is the bank fraud department, or click here to pay this invoice. But it’s not a real invoice or something like that.

Josh Long 3:57
Right. And there’s a ton of these text scams. Some of them come from a phone number, some may appear to come from an email address. But regardless, they’re tricking people. They’re deceiving people into thinking that they need to either call a number that’s in the message or click a link that’s in the message, and then they’re going to be defrauded, if they actually follow through with that and believe this thing that they’re being told. This is becoming a bigger problem. There was actually a talk at RSA Conference about this about how the old, you know, SMS scams are becoming a bigger deal. And this is part of why I think this is so worth discussing, because, yes, $330 million in the US, it’s not a lot if you average it out per person. But this is more than double than 2021 reported losses, which just a year before, and nearly five times they say what people reported in 2019. So this is becoming a much bigger problem. It seems like it’s snowballing in that direction. I would expect that we’re going to see a lot more attacks like this going forward as long as it continues to be successful, and the carriers are not actually blocking these messages before they get to people’s devices, it could continue to become a bigger problem.

Kirk McElhearn 5:12
In some ways this sort of attack is quite simple. These are analog attacks, in the sense that it’s not software getting into your device. It’s just someone sending you a link and tricking you into clicking it. And we talked about fake invoice scams recently, I’ll link in the show notes to an article we have on the Intego Mac Security blog. All of these sorts of social engineering scams are far more efficient than anything else far more efficient than ransomware. Right?

Josh Long 5:37
Well, ransomware attacks probably more often affect businesses and usually Windows-using businesses. We haven’t seen a ton of ransomware on the Mac recently. But it is something that people still need to be aware of, and make sure that they’re backing things up properly using Time Machine or something like Intego Personal Backup. It’s good to keep your data backed up just in case one of these ransomware type attacks happens. Either way, both of them are pretty serious problems, right? Because you could either lose your data, or you could lose money. And those are things that you don’t want to lose.

Stories about Apple assisting the US government to hack the Kremlin are fake news

Kirk McElhearn 6:15
Okay, the next story is something that we kind of debated whether we wanted to talk about it, and I don’t really care about it, but you want to mention it and it’s something along the lines of they faked the moon landing.

Josh Long 6:25
Okay. Well, I think what you’re talking about here is the conspiracy theory that Apple is somehow working with a government entity to hack the Kremlin. The Russian FSB put out some report claiming that Apple was directly working with the US government or to hack them, which on its face is just completely ridiculous. Remember, in 2014, Apple completely refused to create a backdoor for the FBI to get into the San Bernardino shooter’s phone. This was a big deal, a big case, it went to court, Apple absolutely refused. They won’t even cooperate with the US government on local terrorism. And so it’s really completely implausible that Apple would have worked on some hacking operation against Russia. (Well, that’s what they want you to believe.) Yes, of course. And I only mentioned that aspect of it. I don’t really care as much about the politics of this just it’s worth mentioning, because some of these headlines out there are making the same claim. And well, you know, that’s really, really implausible. However, there are some technical aspects of this. Kaspersky, which is an antivirus firm that originates in Russia. They’ve done some internal research, and they found that some of their employees’ phones appear to have been hacked. And so at least from the technical side of things, it looks like this is a real attack. Kaspersky employees apparently had iPhones that were hacked, and they’re calling this Triangulation malware. And so these were “zero click” or “clickless” iOS exploits that were used to infect these devices. Evidently, these devices did not have any sort of recurring infection mechanism, meaning it wasn’t persistent, right. So if you shut off your phone and turn it back on, it would completely clear out the infection because it only lived in memory. However, they also found evidence that many of these phones that had been infected at some point got reinfected at some point after they rebooted.
They say that iOS 15.7 is the most recent version of iOS that is known to have been infected. Now, notably, 15.7 came out at the same time as iOS 16. And so if you’ve been running iOS 16 presumably that means that you couldn’t be infected with this particular malware or infected through this clickless exploit. They also said that they found evidence that this campaign had been ongoing since at least 2019. So another interesting point that if you care about the political aspect of this, this long predates the Russia Ukraine conflict, and they say that as of June 2023, the attack is ongoing, which is interesting. So I guess the takeaway there is if you still have devices that are on iOS 15-point-anything, don’t do that, you know, upgrade to iOS 16 and stay on the latest version of iOS 16. If you haven’t already done so, upgrade your device now. If you have a device that’s so old that can’t be upgraded to iOS 16, get a newer device.

What is Fracturiser malware and how does it affect Minecraft users?

Kirk McElhearn 9:40
Okay, we want to talk about some Minecraft Mods that were found infected with the Fracturiser malware. Now mods are I guess this only works on PCs right or Macs, not unlike game consoles where the system is locked down. These are kind of like browser extensions that you can add to games to be able to do things which may be cheating or it may give you ability to do other things, right?

Josh Long 10:04
Yeah, they’re not necessarily always giving you some advantage over other players. But sometimes game mods give you for example, like different worlds to explore maybe a different method or different way of playing the game. In Minecraft, there’s tons of mods. You can have Minecraft worlds that are recreated to look like Pokemon worlds or things like that. There’s all kinds of crazy mods out there. We’ve talked about this kind of story before on the podcast, but we thought it was worth mentioning again. If you have kids who are playing Minecraft a lot, they may be downloading these kinds of mods. And some of these mods contain malware. Unfortunately, this Fracturiser malware, in particular is affecting Windows and Linux systems. As of right now, there’s not any known macOS variant of it, but the fact that it can run on Linux systems should be a really big red flag because Linux and macOS in terms of their underpinnings are very similar and so it would not be difficult to port this type of malware to Mac.

Washington Post declares 5G an “overhyped” technology

Kirk McElhearn 11:06
Okay, very quickly, we want to mention a Washington Post article which resonated with me when I saw it: “5G Was an Overhyped Technology But Let’s Learn Our Lesson”. I recall during Lockdown when Apple presented the iPhone 12 with 5G that we had a discussion and I was saying what’s the point? This isn’t going to roll out the way the companies say; it’s not going to be useful for anyone. And this Washington Post article points out, not only was I right, of course, but sometimes 5G can be slower than 4G, and it can use more battery on your phone. And I think the takeaway from this article is, you know, tech companies overhype things constantly. Every Apple product is the “most magical ever”. I like to watch Apple’s keynotes and drink every time they use the word “magical”. And I rarely make it to the end because they use that word so many times. Don’t believe any of this stuff when they say that it’s going to change your life. I remember they were talking about, you could download a movie in seconds with 5G, if you’re in exactly the right position and the wind is the right direction and all that sort of, but why do you even care? So just kind of a warning to say the technology is overhyped. And you know, don’t believe everything. Finally, the Brave browser, which Josh likes to use has a new “forgetful browsing” feature. “Forgetful browsing”, that’s a nice name. That would be like, I don’t know, a Victorian novel, “Forgetful Browsing”.

The Brave browser adds “forgetful browsing” feature

Josh Long 12:30
So this is a bit different from what we talked about last week, where Safari is getting this new privacy feature where when you walk away from your computer for a while the windows will lock right, your Private Browsing windows are not going to be visible to somebody who walks by your computer. They’re calling this “forgetful browsing”. And if you are somebody who may have, let’s say, an adversary in your home, so maybe you have an abusive spouse, for example, that’s the scenario that they frequently give in their own write-up of this feature, you may want to make sure that somebody coming along later is not going to be able to see what sites you’ve been browsing, if those sites may put you in danger. So there’s this new technology that they’re building into Brave, they’re encouraging any websites that may be used by somebody in these kinds of dangerous situations, to opt into this feature, where the browser itself will actually forget your browsing session, and not just remove it from history, but also completely remove any evidence that you’ve been to this site. There is a caveat here, of course. If somebody has a keystroke logger or something like that running on your system, or software that constantly is taking screenshots, these are domestic spyware, you might call them. That doesn’t stop those kinds of methods from discovering where you’ve been. But at the very least, it’s good, they’re coming up with new ways to try to protect users when they’re browsing to sites who may be in a dangerous situation.

Kirk McElhearn 14:02
Okay, we’re going to take a break when we come back, we’re going to talk about new security and privacy features in Apple’s forthcoming operating systems.

Voice Over 14:11
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes VirusBarrier, the world’s best Mac anti-malware protection; NetBarrier, powerful inbound and outbound firewall security; Personal Backup to keep your important files safe from ransomware; and much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Ventura, and the latest Apple silicon Macs. Download the free trial of Mac Premium Bundle X9 from Today, when you’re ready to buy Intego Mac Podcast listeners can get a special discount by using the link in this episode show [email protected] That’s and click on this episode to find the Special Discount Link exclusively for Intego Mac Podcast listeners. Intego: world-class protection and utility software for Mac users, made by the Mac security experts.

What devices will be unable to run Apple’s newest operating systems?

Kirk McElhearn 15:27
Okay, so last week, we talked about the main features that are in macOS Sonoma, iOS 17, iPadOS 17, et cetera, et cetera. This week, we want to talk about security and privacy features. But first, Josh wants to talk about all the hardware that is banned from upgrading to Apple’s new operating systems, we should revolt against this banning hardware, shouldn’t we Josh?

Josh Long 15:48
Well, okay, I know banned is kind of a click-baity way of talking about this. But every year, Apple will drop some hardware from being able to upgrade to the latest operating system. Apple is dropping a few models of Macs, and a few models of iPad as well. So to make this as simple as possible, if you have an iMac, a MacBook or MacBook Pro that was first sold in 2017, then you will no longer be able to upgrade to the latest version of macOS. Also, if you have an iPhone 8, 8 Plus or X, you won’t be able to upgrade to iOS 17. And if you have a fifth-gen iPad, or a first-gen iPad Pro, you won’t be able to upgrade it to iPadOS 17.

What are some of the new security and privacy features that Apple has announced for its forthcoming operating systems?

Kirk McElhearn 16:34
So let’s talk about these new security and privacy features. And most of these features apply to all the operating systems, Apple tends to specify certain features for each operating system when they do the presentation. But it’s fair to assume that they will all apply to all operating systems unless there’s a hardware specific thing like Face ID on the iPhone or something like that. So Safari is getting some updates. And one of the ones that I really like, it’s partly security and privacy, but it’s more usability is what’s called Safari Profiles. So you can set up a Profile, for example, for work for personal for play, or I can set up a podcasting Profile, right, in which case, Safari would only show me the tabs that I need to access by default for our podcast. It would only load the extensions I want. I could connect this to my podcasting Focus, which I turn on to not get notifications except from people with whom I create podcasts. So if you send me a text message, I want to see it when we’re recording a podcast. And this can be really practical. I think this is probably something not too many people are going to use. But those who will use it will leverage this to simplify their lives.

Josh Long 17:43
Apple really talks about this as being a feature that’s, can, for example, separate your work and private life. But you may have maybe multiple accounts. Sometimes, for some people, you can kind of just use Private Browsing as sort of a way to do this currently. So you could have for example, let’s say your private life in a regular tab and your work life in Private Browsing tabs, that’s one way to do this. And Safari is really the only browser that is practical for using that way, just because when you quit Safari, and reopen it, it will restore your Private Browsing tabs, whereas pretty much all the other browsers don’t do that. However, if you have, let’s say more than one account, maybe you have multiple people who are all sharing the same macOS login. And they all have different accounts, maybe bank accounts or something like that. Just having the regular non Private Browsing and Private Browsing tabs is not really sufficient for everybody who sits down at that and uses that computer. If you want to have the separate Profiles, this gives you a lot more flexibility, you no longer have to use Private Browsing to keep your work and private life separate. And this just makes a lot of sense for a lot of reasons.

Kirk McElhearn 18:59
Do you use tab groups?

Josh Long 19:01
I do in Microsoft Edge, actually. I use tab groups.

Kirk McElhearn 19:05
I use tab groups in Safari and I have one for Intego, for example, for all of the webpages that we use to prepare the podcast. I have another one for my business. So my accounting and my bank accounts. And I have a couple of others for different things. I do one for all my podcasts, I find it really practical because the tabs are all there on all my devices. And I can open them and I liked the idea of the Profiles, which could be maybe on the weekend, I’ll just turn off all that stuff. And my favorites won’t be for the Intego blog or for our podcast hosting company, but it’ll just be the things that I want to check out on the weekend. Okay, so you mentioned Private Browsing a lot. In fact, you said the term Private Browsing about seven times. This is for SEO purposes, by the way, in our transcript of the podcast. Apple is making improvement to Private Browsing, which is really useful. And as I mentioned last week, it’s kind of “Porn Mode”, your Private Browsing windows and tabs when you step away from your Mac more than a certain amount of time they are locked, so no one can see what you’re viewing. And in order to access them, you have to authenticate with a password, Touch ID, or Face ID.

Josh Long 20:07
Of course, it can be used for other things as well. Of course, of course, like your banking, for example, yeah, I would really recommend that you lock your whole workstation, meaning go to the login screen where it requires typing in a password or using Touch ID or whatever to get back into your Mac. Rather than just having this Private Browsing. Sorry, I said it again, this Private Browsing window lock automatically.

Kirk McElhearn 20:29
But if you are in a shared situation, like you described before, each person’s got some Private Browsing windows, when they step away, it’s locked. So you know, no one will see your bank account or whatever websites you’re visiting. It’s an improvement.

Josh Long 20:43
Right. And as with all of these features, it’s to improve your privacy, right? And so although most of the time I think we’re thinking about privacy, from the perspective of, you know, bad guys getting my data, there are scenarios where somebody in your own home might be adversarial toward you or at your place of business too. You might use a Mac at work, keeping those Private Browsing windows private in a workplace might make sense in some scenarios, as well.

Kirk McElhearn 21:08
There’s an improvement to passwords and passkeys. So we’ve talked about passkeys in the past, and they’re not really widely used yet, but they will be. But there is a possibility in iCloud Keychain to create groups of people to share passwords with. Now imagine you want to share your Netflix password with your spouse, right, you can just put it into the keychain. So wherever they are, they can access it or imagine you or I, we have certain services we access in order to produce this podcast. We could make a group and put all the logins and passwords into that group. And it’s really great for businesses because whenever an employee is no longer with the business, you can remove them and they no longer have access. Of course, they may have saved the password someplace else. But if someone has to update the password, everyone in the group gets that update. Okay, there’s an improvement to two-factor authentication. Now, a couple of years ago, Apple implemented a system where when you get a six-digit code via a text message, it autofills in Safari on a Mac on an iPhone or an iPad. But some websites send these by email. And so in the future Safari will be able to autofill the code sent by email. Now, they say that in Messages, these text messages will automatically be deleted after the codes have been filled in. I really liked this because it’s a hassle to delete text messages in Messages. And I don’t like to leave all those messages in my Messages. I don’t think they’re going to automatically delete the emails yet. But this will make the six-digit two-factor authentication codes, which Josh is going to say are less secure than the other kind, a little bit easier to deal with.

Josh Long 22:43
I think it’s important to note that Apple shows that this is a feature in Apple Mail. So if you actually have your email set up in Apple Mail, that’s how this is going to work. Apple’s technologies are working on device behind the scenes to identify that this particular site that you’re trying to log into just sent you a code. So it’s important to recognize that you have to be using Safari and you have to be using Apple Mail, in order for this feature to work properly.

Kirk McElhearn 23:10
Okay, improvement to Lockdown Mode where it’s going to be hardened even more. I don’t have too many details about this. But Josh, who likes to use Lockdown Mode, is going to be very happy.

Josh Long 23:21
They didn’t really announce a lot about what exactly is going to be added to Lockdown Mode in the new operating systems. These are basically things that happen mostly behind the scenes. Sometimes they put up extra dialog boxes that can be really annoying, like every single time you update your operating system. They’ll say for example, Lockdown Mode is turned on for name of apps, certain experiences and features may not function as expected, yada, yada, yada. There’s a lot of functionality that just is disabled by default, including even just animated GIF images that don’t animate by default when they’re sent to you via iMessage. But there are technical reasons why Apple is disabling these specific functionalities and features. It’s because they have been used for zero click exploits in the past. And so it’s protecting you from those kinds of attacks.

Kirk McElhearn 24:10
Okay, there’s a lot of other features. The last one I want to talk about is actually something I find practical. If you are a family where multiple people have AirTags, let’s say on your keys or your car keys or something like that, you may have discovered that you get an alert saying “AirTag found moving with you” when you’re with your spouse, for example, because well, you’ve been with them for a while and they’re close to you. And maybe the AirTag is actually in your pocket or tracking you or something. And obviously it’s not it’s just if there’s two people have AirTags and they’re together often this creates a problem. So you can share AirTags. Let’s say you share a bicycle and you want to put an AirTag under the seat of the bicycle. You want to both be able to track that bicycle from your iPhones and you’ll be able to share that AirTag so you can both do that. You could share car keys although two people they each have car keys, you could share each other’s car keys in case you want. But that’s not quite as practical. It’s more for the item where there’s one AirTag that multiple people use. Now, I would suggest putting an AirTag somewhere in your car to track your car if it gets stolen. And this way, neither of the people driving the car will get the alert, there’s an AirTag found moving with you, and then try to find where it is.

Josh Long 25:21
Exactly. Yeah, I think this is a really great use case actually for AirTag because you want to know if your car gets stolen where it is, and this is the cheapest way to do that. Really.

Kirk McElhearn 25:31
Okay, lots more features for security and privacy in macOS Sonoma, iOS 17, and iPadOS 17. I’ll link to an article on the Mac Security Blog. Until next week, Josh, stay secure and stay locked down.

Josh Long 25:42
All right, stay secure.

Voice Over 25:45
Thanks for listening to the Intego Mac podcast, the voice of Mac security, with your hosts Kirk McElhearn, and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like, or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode The Intego website is also where to find details on the full line of Intego security and utility software.


About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn.