
InterceptX - iPad just got hacked

Hi folks,

My iPad running the latest iPadOS and Intercept X was hacked using a known hack in Facebook Messenger.

Thankfully my contact list is not that great and I was able to unsend the bad message.

The iPad is also guarded by XG, and at the time of the initial attack it was not using decrypt and scan, which it was when the messages were sent, but there is an exception in the web policy for Facebook.

Why wasn't the known hack stopped by Intercept X?
ian



  • Hi,

    Can you please let me know which known hack you are referring to? Please let me know the version of Intercept X and Facebook Messenger. Are you using the free Intercept X from the Apple App Store, or do you have a licensed Sophos Mobile installation? It'd be great if you can provide more information regarding this attack, and please post any valuable screenshots if you can.

    Thanks,

    Yashraj Singha

    Community Team Lead, Support & Services| Sophos Technical Support
    Support Videos | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' button.

  • Hi,

    I have checked further and it is a known issue, but not a hack, just a credential-stealing site.

    https://www.techlicious.com/blog/facebook-is-this-you-video-scam/

    I am running Sophos Home Premium and Intercept X comes as part of that package for mobile devices, version 9.6.0.42.

    Messenger is the latest, set to automatically install.

    ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Hi,

    This is a screenshot of the nasty.

    Ian

  • Hi,

    Thank you for sharing more details along with the screenshot! This seems like a phishing scam, where a legitimate-looking page is shown for you to sign in to. Once you enter your credentials, they are stolen. The key security features for the free Intercept X Mobile app for iOS are WiFi Security (Man in the middle network attack), Secure QR code scanning, Authenticator, and Password Safe. 

    A phishing attack is a type of social engineering attack and hence it requires a different type of protection. For avoiding phishing attacks, please see the following article: https://www.sophos.com/en-us/security-news-trends/best-practices/phishing.aspx

    For more info on the Sophos products offering this type of protection, please see: https://www.sophos.com/en-us/content/phishing-attack-prevention.aspx

    Thanks,

    Yashraj Singha

    Community Team Lead, Support & Services| Sophos Technical Support

  • Hi Yashraj,

    Thank you for the details, but they do not answer the real issue: why was a known bad actor site allowed to get past Intercept X? Also, the Sophos email scanning function suggested in the URLs is a business application, not available to home users. Further, the URL should have failed the XG testing, not just on content but as a known bad site.

    Ian

  • Hi,

    The XG firewall would have prevented this URL from a web filtering policy. Did you configure HTTPS decrypt and scan? 

    Thanks,

    Harsh Patel (H_Patel)

    Community Support Engineer | Sophos Technical Support

  • Hi,

    No, because decrypt and scan does not work on my iPad; too many sites fail, and SSL/TLS is even worse.

    But I do have it enabled for malware and content scanning.

    Ian

  • Hi,

    The XG firewall would have prevented this URL from a web filtering policy, but it was not configured for your iPad. Did you have any IPS policy or ATP configured on the firewall? 

    Thanks,

    Harsh Patel (H_Patel)

    Community Support Engineer | Sophos Technical Support

  • Hi H_Patel,

    A screenshot of the firewall rule.

    Ian
