this post was submitted on 15 Feb 2024
141 points (94.3% liked)

Apple

17525 readers
48 users here now

Welcome

to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!

Rules:
  1. No NSFW Content
  2. No Hate Speech or Personal Attacks
  3. No Ads / Spamming
    Self promotion is only allowed in the pinned monthly thread

Lemmy Code of Conduct

Communities of Interest:

Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple

Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode

Community banner courtesy of u/Antsomnia.

founded 1 year ago
MODERATORS
 

cross-posted from: https://lemmyf.uk/post/5813538

First ever iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts

you are viewing a single comment's thread
view the rest of the comments
[–] TORFdot0@lemmy.world 1 points 9 months ago (1 children)

TestFlight isn’t the same as sideloading. And preventing sideloading has no effect on your IT illiterate relative handing over MDM control to a malicious actor.

Would you blame sideloading if your relative gave a random “fraud specialist” at their bank their online banking password and they had their bank account drained? That’s the essentially same kind of attack that happened here

[–] GlitterInfection@lemmy.world 9 points 9 months ago (2 children)

You missed my point entirely. Once sideloading is available Trojan authors no longer need you to install an MDM to infect your parents devices.

[–] umbrella@lemmy.ml 3 points 9 months ago

They will still have to social engineer the target to get it enabled and installed.

[–] TORFdot0@lemmy.world 1 points 9 months ago (1 children)

I get your point, but where I don’t agree is that sideloading is more insecure than already exploited systems. What safety does disabling sideloading provide when the same user vulnerable users are able to be socially engineered to bypass several restrictions and install the test flight app or a management profile to give hackers control?

It’s not as if sideloading is going to be allow users to click a malicious ad that pops in at the last second where the real download button should be. It is going to behind the same multiple step processes that the current test flight or MDM vectors are

[–] GlitterInfection@lemmy.world 1 points 9 months ago

What safety does several layers of effective safety that removed this threat quickly and obviously prevented it from becoming a widespread issue provide?

And that is not what people are pushing for for sideloading. People want to be able to have alternative app stores with their own sets of rules that will not require test flight or MDM vectors.