This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

InterceptX - iPad just got hacked

Hi folks,

my iPad running the latest ipados and interceptX was hacked using a known hack in Facebook messenger.

Thankfully my contact list is not that great and I was able to unsound the bad message.

The iPAD is also guarded by XG and at the time the initial attack it was not using decrypted and scan which it was when the messages were sent but there is an exception in web policy for facebook.

Why wasn't the known hack stooped by interceptX.
ian

This thread was automatically locked due to age.

Parents

0 Yashraj S over 3 years ago

Hi rfcat_vk,

Can you please let me know which know hack you are referring to? Please let me know the version of Intercept X and Facebook messenger? Are you using the free Intercept X from the Apple app store or do you have a licensed Sophos Mobile installation? It'd be great if you can provide more information regarding this attack and please post any valuable screenshots if you can.

Thanks,

Yashraj Singha
Manager | Global Community Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to Yashraj S

Hi,

I have checked further and it is know issue, but not a hack, just credential stealing site.

https://www.techlicious.com/blog/facebook-is-this-you-video-scam/

I am running sophos home premium and the interceptx comes as part of that package for mobile devices, version 9.6.0.42

messenger the latest to automatically install.

ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to rfcat_vk

Hi,

this is a screenshot of the nasty.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Yashraj S over 3 years ago in reply to rfcat_vk

Hi rfcat_vk,

Thank you for sharing more details along with the screenshot! This seems like a phishing scam, where a legitimate-looking page is shown for you to sign in to. Once you enter your credentials, they are stolen. The key security features for the free Intercept X Mobile app for iOS are WiFi Security (Man in the middle network attack), Secure QR code scanning, Authenticator, and Password Safe.

A phishing attack is a type of social engineering attack and hence it requires a different type of protection. For avoiding Phishing attacks, please see the following article: https://www.sophos.com/en-us/security-news-trends/best-practices/phishing.aspx

For more info on the Sophos products offering this type of protection, please see: https://www.sophos.com/en-us/content/phishing-attack-prevention.aspx

Thanks,

Yashraj Singha
Manager | Global Community Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to Yashraj S

Hi Yashraj,

Thank you for the details, but they do not answer the real issue about why a known bad actor site was allowed to get past interceptX? Also the sophos email scanning function suggested in the URLs is a business application, not available to home users. Further the URL should have failed the XG testing, not just content but as a know bad site.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 3 years ago in reply to Yashraj S

Hi Yashraj,

Thank you for the details, but they do not answer the real issue about why a known bad actor site was allowed to get past interceptX? Also the sophos email scanning function suggested in the URLs is a business application, not available to home users. Further the URL should have failed the XG testing, not just content but as a know bad site.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 FormerMember over 3 years ago in reply to rfcat_vk

Hi rfcat_vk,

The XG firewall would have prevented this URL from a web filtering policy. Did you configure HTTPS decrypt and scan?

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to FormerMember

Hi,

no, because decrypt and scan does not work on my iPAD to many sites fail and SSL/TLS is even worse.

But I do have it enabled for malware and content scanning.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 3 years ago in reply to rfcat_vk

Hi rfcat_vk,

The XG firewall would have prevented this URL from a web filtering policy, but it was not configured for your iPad. Did you have any IPS policy or ATP configured on the firewall?

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to FormerMember

Hi H_Patel,

A screenshot of the firewall rule.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel