iPhone users are urged to update to the latest version of the Safari browser if they haven’t already, as it closes a security loophole that allows scammers to lock the mobile browser with scareware ransom demands.
The scareware campaign would manifest itself as a pop-up appearing in the Safari browser. The pop-up would claim that the phone was locked because the user was identified as having browsed “illegal pornography” and that the victim would need to pay a fine in order for the phone to be unlocked.
This is a common scareware ploy that both mobile and desktop users may be familiar with. The scareware claims that the device is locked (or that the files have been encrypted), but this is just a trick to lure victims into paying up. The device isn’t really locked, unlike with genuine ransomware, which actually does encrypt your personal files.
Technically apt users would soon realise that they could clear the cache settings in Safari through the iPhone’s main settings section (Settings > Safari > Clear History and Website Data) to effectively remove the scareware campaign. However, non-technically inclined users may not realise how to do this, and in some cases may have been alarmed enough to pay the fee (payable through a $100 iTunes top-up card).
The scam exploited a security loophole related to JavaScript, a scripting language many websites use.
However, the iOS 10.3 update fixes this exploit by preventing spammy pop-ups from taking control of the entire Safari app, allowing iPhone users to browse away from any offending website using an alternative “tab”.
Remember, if a pop-up window appears in your browser demanding you pay a fine to “unlock” your phone – even if that demand appears to come from the police – don’t pay! It is probably just a scareware pop-up, which can be removed.
So if you haven’t updated already, or you plan your updates manually, get Safari updated soon.