Your Apple devices are not as secure as you think. Learn how to raise their protection

Despite several notable cyber incidents, some iPhone and macOS users may still hold on to the myth that their devices are secure simply because of the way these operating systems are built. The simple answer to these claims is “they are not”; but let’s dive deeper.

Applications (Apps) on iPhone or iPad devices run in their own separate virtual spaces and can communicate with each other to a very limited extent. This also means that malicious applications can neither obtain information from other legitimate applications, nor can they usually spread like they would in the Android OS. This means devices running on iOS are less attractive for a majority of cyber criminals. On the other hand, it also means that an external antivirus app for iOS would only be able to scan itself, and thus, not work properly.

Much like iOS, macOS is also often considered to be more secure in comparison with other operating systems. Built-in protection measures mean lower potential for the creation of security loopholes because Apple created the iOS and macOS ecosystems and has full control over both the OS and app environments. As such, Apple has been seen as being less attractive for cybercriminals because of their lower share of the market.

Armed with that information, you may get a false sense of security about macOS’ and iOS’ security because of their designs, but that is not the end of the story. When attempting to attack devices, attackers have far more options than just using malware. There are other ways they can steal sensitive data, and that is why your iOS or macOS devices’ built-in protections are not enough, and why they can benefit from additional layers of security.  

Responding to Apple customers’ needs, ESET brings forward new solutions on a consistent basis. This year’s offering is a huge step forward. Being a digital life protection vendor, ESET introduces two brand-new functionalities for iOS Virtual Private Network (VPN) and Identity Protection  (IP), to already present Password Manager. All these functionalities can be easily managed in updated ESET HOME, the complete security management platform.  

MacOS users can have these new features, together with Modern Endpoint Security available in the new subscription-based premium tier product for customers, ESET HOME Security Ultimate.

Spreading malware across iPhone apps may be a tough nut to crack, but cyber-criminals can use much simpler methods to bypass Apple security.

For example, they may opt for social engineering techniques such as phishing websites or messages that try to impersonate legitimate companies or institutions to lure sensitive data from potential victims. In fact, Apple was the third-most-impersonated brand in phishing scams in Q2 2023.

Another scam is a false tech support call, wherein a user receives a call impersonating Apple’s support service and requiring personal details in order to deal with an impending problem. To make the call more believable, an attacker will use a spoofed ID, so the caller’s number looks like it is originating from a legitimate Apple support center.  

Results of successful phishing attacks depend on how much data can be stolen from the victim in question. The extent of the damage varies from a hijacked e-mail account used for spreading spam to more serious incidents, such as identity theft or money withdrawn from an account.

Your iPhone can be also targeted while using unprotected public Wi-Fi. Connecting to an airport’s Wi-Fi during your travels may be convenient, but also may result in a loss of your sensitive data such as credit card details or passwords. Most public Wi-Fi networks don’t encrypt communications between your device and the router, making your data susceptible to interception.   

Lastly, there’s old-school pickpocketing. In February 2023, The Wall Street Journal reported on iPhone thieves across the US who were locking people out of their Apple accounts and draining their bank accounts. First, the thieves watched their victims closely to learn their passcodes, then (physically) stole the devices. Armed with the passcodes, they invaded their victims’ personal and financial lives, while also effectively preventing the iPhones’ owners from locating their phones.    

Macs face similar problems when connected to public Wi-Fi, as their users can face phishing threats via emails, private messages, and phony websites, among other threat vectors. Lastly, there are numerous pieces of malware specifically targeting macOS, such as CloudMensis, which was recently discovered by ESET researchers.

In general, using public Wi-Fi is not recommended because it is often unsecure. But if you still want to stay connected while in a hotel room or at the airport, connect with a VPN, which establishes a private network connection, making internet users anonymous. After connecting to the ESET VPN application, a user’s device receives a new dynamic IP address, and online traffic is secured and encrypted.

This way, ESET VPN prevents cyber criminals from stealing user data while using public Wi-Fi, and makes it more difficult for third parties to track a user's activity online, while ESET does not keep logs.   

Moreover, using a VPN service can also bring other advantages. For example, users can enjoy access to their favorite streaming services from different parts of the world without geo-blocking.

Since Apple customers can also fall victim to identity theft, ESET introduces its new Identity Protection* (IP) service for iOS and macOS. It monitors the dark web, searching for leaked sensitive information previously entered by a user such as name, phone number, and account credentials.

If a user is the victim of a data breach, they will be notified if the data they previously entered is found somewhere else online.

For US customers, the IP feature also includes Credit Report Monitoring, Smart SSN (Social Security number) Tracker, Social Media Identity Monitoring, Identity Theft Insurance up to $1 mil., and an on-call identity restoration service. Users will also be notified about leaked credit/debit cards and changes made to credit reports so that they can act against potential misuse of their personal information.

Apple has its own password manager iCloud Keychain that stores and protects your passwords, but there are some known vulnerabilities. For example, iPhone thieves described by the Wall Street Journal can also bypass Keychain using stolen passcodes. Having a separate password manager from a different vendor gives you an extra layer of protection in such situations.   

ESET Password Manager not only protects and stores your passwords and personal data, but the built-in password generator also prompts you to create strong, unpredictable passwords that you don’t have to remember.

Login credentials are stored automatically as new accounts are created. ESET Password Manager also includes a form completion feature that saves you time by completing web forms automatically and accurately.

To improve account protection even further, experts suggest setting up two-factorial authentication (2FA). This creates an additional authentication layer in case your password has been breached or stolen. 

Operating a VPN, Identity Protection*, Password Manager, and 2FA might all sound too complex and time-consuming for a regular iPhone user. But in fact, you can easily manage all these features and more from one, easy-to-use platform, ESET HOME.

This complete security management platform and its companion mobile app for Android and iOS offer users a convenient and informative management dashboard with information about their ESET products, devices, licenses, and services, while also making it all accessible anywhere they go, whenever they need it.

ESET HOME also serves as a notification hub that presents connected devices as an ecosystem, where users can always easily check the security status of their connected devices.

Cyber incidents like leaked private photos of celebrities, iPhone passcode scams, and numerous malwares targeting Macs are proof that even iOS and macOS are not impenetrable, and that there is a need for extra layers of protection. Therefore, having features such as VPN and Identity Protection* can be quite handy, especially if they are easy to manage.

*Currently available in US market only, with global roll out planned in 2024.