cross-posted from: https://lemmyf.uk/post/5813538
First ever iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts
cross-posted from: https://lemmyf.uk/post/5813538
First ever iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts
TestFlight isn’t the same as sideloading. And preventing sideloading has no effect on your IT illiterate relative handing over MDM control to a malicious actor.
Would you blame sideloading if your relative gave a random “fraud specialist” at their bank their online banking password and they had their bank account drained? That’s the essentially same kind of attack that happened here
You missed my point entirely. Once sideloading is available Trojan authors no longer need you to install an MDM to infect your parents devices.
They will still have to social engineer the target to get it enabled and installed.
I get your point, but where I don’t agree is that sideloading is more insecure than already exploited systems. What safety does disabling sideloading provide when the same user vulnerable users are able to be socially engineered to bypass several restrictions and install the test flight app or a management profile to give hackers control?
It’s not as if sideloading is going to be allow users to click a malicious ad that pops in at the last second where the real download button should be. It is going to behind the same multiple step processes that the current test flight or MDM vectors are
What safety does several layers of effective safety that removed this threat quickly and obviously prevented it from becoming a widespread issue provide?
And that is not what people are pushing for for sideloading. People want to be able to have alternative app stores with their own sets of rules that will not require test flight or MDM vectors.