Recently, White Hat released a report on the official website about using the iOS calendar invitation feature to send spam incidents. This method can bypass the spam filtering mechanism through the calendar invitation function in the mobile operating system. At present, this method only appears on the iOS platform for the time being, and it may further evolve from a spam burst channel to a new phishing attack.
The mobile phone in normal use suddenly pops up with an invitation message. The approximate content above is the marketing information of xx entertainment city. The first reaction of most people in this situation is: Is my cell phone controlled? This is not the case. Even if the user’s mobile phone and related accounts are both normal and secure, this phenomenon may occur.
Not long ago, my colleagues’ iPhones suddenly popped up during the normal use of such a message. The above information is probably xx.com, website xxx.com, and so on. Next, White Hat's security team conducted a lot of research. It is understood that the popup of this information is actually the calendar function of the iPhone's mobile phone system. Under normal circumstances, it is generally used to send activities or meeting invitations to friends, colleagues, or family members. It is convenient and quick to use. What is admirable is that this feature has also been used by people with bad intentions.
The White Hat Security Research team found that if users sync the iPhone system calendar with iCloud Calendar, they may receive a prompt on the iPhone and display spam that is preset by criminals. This way, because it does not go through the mail system, our spam defense mechanism will not work.
From the related cases submitted by the users, it can be seen that the sender will first obtain a batch of email addresses, and then treat them as the invitee's iCloud account to randomly send invitations. The invitation includes relevant text and links. This type of content can be opened directly by the invitee and no interception tips will be sent.
According to this method, a small-scale test was conducted and the main effects were found as follows:
1. On average about 5% of recipients of information will click on the link included in the invitation. This method can be used for phishing attacks, and the effect is also very impressive;
2. After you choose to reject and receive the received message, your real name will be displayed at the sender. Using this method, the sender can perform further fraud and other operations;
Repeatedly sending multiple times will also result in constant system alerts and other malicious attacks. And there are no restrictions;
4, too many messages received, can take up the calendar. Use normal calendars;
5. After testing, Google's Gmail and Microsoft's Outlook Mailbox Calendar function can also send relevant invitations to iOS Calendar.
6. The same message will appear in all networked Apple devices that use the same account to log in, such as iPad, MacBook and other devices;
At present, the earliest record of this event that can be searched on the Internet is the beginning of June this year, and gradually increases to the concentrated outbreak when it reaches the end of July and the beginning of August.
If you search Baidu for the "Apple Calendar Ads" keyword, several of its search results are in response to such events by different users:
The cases searched on Weibo are as follows: The date is displayed on the 14th of July, and this method has not yet received any repair errors:
We advise users not to click on any link while receiving such spam and ignore it. At the bottom of this type of invitation information, there are generally three options provided by the system, namely, "Accept", "Possible" and "Reject." Regardless of which option the user clicks, the sender will display the real name of the respondent, which directly results in the leakage of the user's sensitive information. After having the user's email address and real name, it does not rule out that the sender will have further phishing attacks and other frauds.
If you want to avoid receiving such invitations, you can enter the "Mail, Contacts, Calendars" option in iOS Settings, find and close the "Events Found in Mail" option.
Solution: We have tried to communicate with Apple through relevant channels, and we have provided related protection suggestions. We add spam filtering to the invitation content of the calendar to prevent malicious use.
An Outdoor CPE (Customer Premises Equipment) is a client device used in outdoor environments, typically for wireless network connectivity. It is a device used to transmit Internet signals from a service provider to the user's location.
Outdoor CPE is commonly used to provide broadband access services, especially in remote areas or places without traditional wired network coverage. It can transmit an Internet connection via wireless signals to the building or area where the user is located. Outdoor CPE is typically a highly protected and durable device designed to handle harsh weather conditions in an outdoor environment.
Outdoor Cpes typically include the following main components:
1. Antenna: Outdoor CPE is usually equipped with a high-gain antenna for receiving and sending wireless signals. These antennas can be designed for different frequency bands and wireless standards.
2. Wireless module: Outdoor CPE usually includes a wireless module to handle the transmission and reception of wireless signals. This module usually supports different wireless standards such as Wi-Fi, LTE, 4G, etc.
3. Router function: Outdoor CPE usually has the function of a router, which can distribute the Internet connection to the device where the user is. It can provide IP address allocation, port forwarding, network security and other functions in the local area network.
4. Power supply and battery: Since Outdoor CPE is usually used in outdoor environments, it usually requires a reliable power supply. Some Outdoor Cpes are also equipped with batteries to provide continuous Internet connectivity in the event of a power outage.
The main features and advantages of Outdoor CPE are as follows:
1. High-speed broadband access: Outdoor CPE can provide high-speed broadband access services through wireless signals, so that users can enjoy high-speed Internet connections in places without traditional wired network coverage.
2. Flexibility: Since Outdoor CPE is a wireless connection, it can be used in different locations and environments. Users can place the Outdoor CPE in the best position as needed for optimal signal coverage and performance.
3. Simple installation: Outdoor CPE usually has a simple installation process, and users only need to place the device outdoors and make some basic Settings to start using the Internet connection.
4. Strong anti-interference ability: Outdoor CPE usually has strong anti-interference ability and can provide stable Internet connection under harsh environmental conditions. It can cope with various sources of interference, such as electromagnetic interference, weather conditions and so on.
5. High reliability: Outdoor CPE usually has a high degree of reliability and durability, and can be operated for a long time in a variety of outdoor environments. It usually has waterproof, dustproof, lightning-proof and other functions to cope with different weather conditions.
Outdoor CPE is widely used in a variety of scenarios, especially in rural areas, mountains, islands and other places without traditional cable network coverage. It can provide high-speed broadband access services to residents and enterprises in these areas, helping them to enjoy the convenience of the Internet.
In summary, the Outdoor CPE is a client device for outdoor environments to provide high-speed broadband access services via wireless signals. It is highly reliable, flexible and anti-jamming, and can provide a stable Internet connection in a variety of outdoor environments. It plays an important role in providing broadband access services, especially in places without traditional wired network coverage.
Outdoor Cpe,Router 4G Outdoor,4G Router Bridge Cpe,300Mbps Wifi Ap Outdoor 4G Lte Cpe
Shenzhen MovingComm Technology Co., Ltd. , https://www.movingcommtech.com