Hi Sophos Community, In the last week I have been getting some "Man in the middle attack" notifications from my devices marked as "High Alert" I've received four and all have similarities in behaviour: All devices are IPhone 8 or IPhone 8 Plus The time interval of the alets is from 9:08AM to 9:15AM In two of the cases the attack type is an "SSL stripping" the other one "Content manipulation". For further investigarion I've extracted the logs of the devices. In two cases the URL Manipulated was the same: https://login.aol.com/... Is this a usual behaviour of IPhone 8? How could I get more info of this? Greetings

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Man in the middle attack detected on IOs device (IPhone 8)

Hi Sophos Community,

In the last week I have been getting some "Man in the middle attack" notifications from my devices marked as "High Alert"

I've received four and all have similarities in behaviour:

All devices are IPhone 8 or IPhone 8 Plus
The time interval of the alets is from 9:08AM to 9:15AM

In two of the cases the attack type is an "SSL stripping" the other one "Content manipulation".

For further investigarion I've extracted the logs of the devices. In two cases the URL Manipulated was the same: https://login.aol.com/...

Is this a usual behaviour of IPhone 8? How could I get more info of this?

Greetings

This thread was automatically locked due to age.

Top Replies

GlennSen over 2 years ago +1

Hello, Thank you for reaching the community forum. This alert most likely came from a Public Wifi or Hotspot. The attack has been stopped by Sophos mobile, so there's no harm to the device but for precaution…

Parents

0 GlennSen over 2 years ago
Hello,

Thank you for reaching the community forum. This alert most likely came from a Public Wifi or Hotspot. The attack has been stopped by Sophos mobile, so there's no harm to the device but for precaution, advise the users who get this alert to perform a password reset on their accounts which are currently log in to the device.

There are many forms of man-in-the-middle attacks. Here are just a few:

Compromised public Wi-Fi. A hacker might eavesdrop on an unencrypted public Wi-Fi connection you’re using. Or they might create a fake public Wi-Fi hotspot (an “evil twin”) that mimics a legitimate hotspot. As soon as you log onto the fake hotspot, the hacker can intercept everything you send to a site and everything it sends back to you.

Use Virtual Private Networks (VPNs) when you’re in a public place.

Don’t visit sites that aren’t protected by secure HTTPS: look for HTTPS rather than HTTP in the web address. This isn’t foolproof, but it helps.

Please stay away from websites when your browser warns they’re unsafe.

Use multi-factor authentication on sites that offer you the option.

Don’t click email links or open attachments you aren’t expecting.

Ensure your home/office Wi-Fi network is protected with strong passwords and encryption. For example, use WPA2-PSK (AES) encryption, not WEP-64, WEP-128, or WPA-PSK.

For more details, you may refer to this documentation about Wi-Fi Security
Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Cancel
0 Wayne Folta over 1 year ago in reply to GlennSen

And this is one of the nice things about having a Sophos Firewall: VPN back to your own home when you're out. No need to have a VPN service (and have to trust them).
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Wayne Folta over 1 year ago in reply to GlennSen

And this is one of the nice things about having a Sophos Firewall: VPN back to your own home when you're out. No need to have a VPN service (and have to trust them).
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data