
Malware on the iPad?


John Varela

Nov 4, 2017, 7:15:36 PM
Today I had reason to open my iPad's "Settings/Accounts & Passwords"
for the first time in months, and there I discovered a mail account
that is all news to me. I have no idea what it is or how it got there.

The Account information says "These settings are installed by the
profile 'RedAlerts Emergency'." Its email address and User Name are
EdsonKha...@myminbox.email and the Host Name is
20170714.imap.email.minbox.email. That makes no sense to me, but
that's what it says in Settings.

The account was not active so it has not been appearing among Mail's
Inboxes. There is no similar account on any of our Macs.

20170714 looks like a date. On last July 14, Calendar tells me that
we had some workmen at our house removing and replacing a fence,
which was outdoor work. I was home all day except when the wife and
I went out to lunch. I seriously doubt that one of the workmen would
have been able to enter the house, find my iPad, log on, and do
dirty work.

I have done my best to make the account unusable, giving it a
nonsense password and removing the SMTP server address. There is no
similar account on our Macs.

I can find no way to remove this account from the iPad. Is there
one?

Also, I'd like to run a malware detection app on the iPad (I have
run Malwarebytes on the Macs) but the App Store has a zillion
malware detection apps, none of which is familiar to me. Is there a
recommendation?

--
John Varela

nospam

Nov 4, 2017, 7:37:30 PM
In article <51W5y0sPNk52-pn2-CwdJgy2SjDGX@localhost>, John Varela
<newl...@verizon.net> wrote:

> Today I had reason to open my iPad's "Settings/Accounts & Passwords"
> for the first time in months, and there I discovered a mail account
> that is all news to me. I have no idea what it is or how it got there.
>
> The Account information says "These settings are installed by the
> profile 'RedAlerts Emergency'." Its email address and User Name are
> EdsonKha...@myminbox.email and the Host Name is
> 20170714.imap.email.minbox.email. That makes no sense to me, but
> that's what it says in Settings.
>
> The account was not active so it has not been appearing among Mail's
> Inboxes. There is no similar account on any of our Macs.
>
> 20170714 looks like a date. On last July 14, Calendar tells me that
> we had some workmen at our house removing and replacing a fence,
> which was outdoor work. I was home all day except when the wife and
> I went out to lunch. I seriously doubt that one of the workmen would
> have been able to enter the house, find my iPad, log on, and do
> dirty work.

is your ipad locked with a passcode?

> I have done my best to make the account unusable, giving it a
> nonsense password and removing the SMTP server address. There is no
> similar account on our Macs.
>
> I can find no way to remove this account from the iPad. Is there
> one?

settings>accounts&passwords, choose account, tap delete.

<https://appletoolbox.com/wp-content/uploads/2017/10/Accounts-Passwords-Account-Type-Selection.jpg>

> Also, I'd like to run a malware detection app on the iPad (I have
> run Malwarebytes on the Macs) but the App Store has a zillion
> malware detection apps, none of which is familiar to me. Is there a
> recommendation?

yes. don't waste your time or money.

they're completely worthless and no longer allowed on the app store.

<http://mashable.com/2017/09/15/apple-app-store-virus-scanning-apps/>
As the company notes in its guidelines, it's incredibly misleading
for apps to advertise themselves as having these types of features.
Not because it's impossible for malicious code to find its way into
the App Store (though rare, it has happened), but because Apple's
developer policies make it literally impossible for any third-party
app to identify such malicious code in the first place.

David Empson

Nov 5, 2017, 12:23:03 AM
John Varela <newl...@verizon.net> wrote:

> Today I had reason to open my iPad's "Settings/Accounts & Passwords"
> for the first time in months, and there I discovered a mail account
> that is all news to me. I have no idea what it is or how it got there.
>
> The Account information says "These settings are installed by the
> profile 'RedAlerts Emergency'." Its email address and User Name are
> EdsonKha...@myminbox.email and the Host Name is
> 20170714.imap.email.minbox.email. That makes no sense to me, but
> that's what it says in Settings.
>
> The account was not active so it has not been appearing among Mail's
> Inboxes. There is no similar account on any of our Macs.
>
> 20170714 looks like a date. On last July 14, Calendar tells me that
> we had some workmen at our house removing and replacing a fence,
> which was outdoor work. I was home all day except when the wife and
> I went out to lunch. I seriously doubt that one of the workmen would
> have been able to enter the house, find my iPad, log on, and do
> dirty work.
>
> I have done my best to make the account unusable, giving it a
> nonsense password and removing the SMTP server address. There is no
> similar account on our Macs.
>
> I can find no way to remove this account from the iPad. Is there
> one?

Because the email account was installed using a profile, you can't
delete it directly. You need to delete the profile instead.

That is done in Settings > General > Profiles. The 'RedAlerts Emergency'
profile is probably the only one there (unless you have other profiles,
e.g. for Apple beta programmes).

I suspect the profile was installed by an app that was used on your
iPad, but that can only happen if it asked you first and you granted
permission. That is NEVER a good idea unless you are absolutely certain
you trust the app and understand why it is necessary.

This discussion thread seems relevant:

https://discussions.apple.com/thread/8039386?start=0&tstart=0

> Also, I'd like to run a malware detection app on the iPad (I have
> run Malwarebytes on the Macs) but the App Store has a zillion
> malware detection apps, none of which is familiar to me. Is there a
> recommendation?

None of them. There is no way a so-called "malware detection" app could
monitor what other apps are doing, because iOS apps are sandboxed to
protect them from each other. That also means malicious apps can't modify
anything in other apps (or in the system settings), unless they trick
you into giving them permission to do so (as was probably the case
here).

At best, a "malware detection" app could look for names of installed
apps that are known to be bad in some way. If you don't have any
unexpected apps on your iPad, you don't need an app to tell you that.

--
David Empson
dem...@actrix.gen.nz

Lewis

Nov 5, 2017, 9:59:47 AM
In message <51W5y0sPNk52-pn2-CwdJgy2SjDGX@localhost> John Varela <newl...@verizon.net> wrote:
> Today I had reason to open my iPad's "Settings/Accounts & Passwords"
> for the first time in months, and there I discovered a mail account
> that is all news to me. I have no idea what it is or how it got there.

> The Account information says "These settings are installed by the
> profile 'RedAlerts Emergency'." Its email address and User Name are
> EdsonKha...@myminbox.email and the Host Name is
> 20170714.imap.email.minbox.email. That makes no sense to me, but
> that's what it says in Settings.

You have a profile installed on your phone. Why?

> The account was not active so it has not been appearing among Mail's
> Inboxes. There is no similar account on any of our Macs.

Remove the profile. Immediately.

Never allow a profile to install unless you know exactly what it is and
would trust the person offering it with the keys to your safe-deposit
box, bank account numbers, and the lives of your children.

> I can find no way to remove this account from the iPad. Is there
> one?

Settings => General => Profiles.

--
E is for ERNEST who choked on a peach
F is for FANNY sucked dry by a leech

John Varela

Nov 5, 2017, 10:10:24 AM
That worked like a charm. Thank you very much for pointing me there.

>The 'RedAlerts Emergency'
> profile is probably the only one there

It was.

>(unless you have other profiles,
> e.g. for Apple beta programmes).

I had never heard of "profiles" until this instance.

> I suspect the profile was installed by an app that was used on your
> iPad, but that can only happen if it asked you first and you granted
> permission. That is NEVER a good idea unless you are absolutely certain
> you trust the app and understand why it is necessary.

I'm well aware of that. There are no apps on my iPad that didn't
come from the App Store.

> This discussion thread seems relevant:
>
> https://discussions.apple.com/thread/8039386?start=0&tstart=0

All the apps on my iPad came from the App Store. I may have accepted
something from one of those apps, but since it came from the App
Store then surely it was harmless. Might it have been usage feedback
to the developer?

> > Also, I'd like to run a malware detection app on the iPad (I have
> > run Malwarebytes on the Macs) but the App Store has a zillion
> > malware detection apps, none of which is familiar to me. Is there a
> > recommendation?
>
> None of them. There is no way a so-called "malware detection" app could
> monitor what other apps are doing, because iOS apps are sandboxed to
> protect them from each other. That also means malicious apps can't modify
> anything in other apps (or in the system settings), unless they trick
> you into giving them permission to do so (as was probably the case
> here).

That's what I thought, but a search of the App Store for "malware
protection" turns up scores of hits, and that caused doubts.

> At best, a "malware detection" app could look for names of installed
> apps that are known to be bad in some way. If you don't have any
> unexpected apps on your iPad, you don't need an app to tell you that.

Thanks again. You've been very helpful.

--
John Varela

David Empson

Nov 5, 2017, 6:37:52 PM
John Varela <newl...@verizon.net> wrote:

> On Sun, 5 Nov 2017 04:23:01 UTC, dem...@actrix.gen.nz (David
> Empson) wrote:
>
> > John Varela <newl...@verizon.net> wrote:
> >
> > > Today I had reason to open my iPad's "Settings/Accounts & Passwords"
> > > for the first time in months, and there I discovered a mail account
> > > that is all news to me. I have no idea what it is or how it got there.
> > >
> > > The Account information says "These settings are installed by the
> > > profile 'RedAlerts Emergency'." Its email address and User Name are
> > > EdsonKha...@myminbox.email and the Host Name is
> > > 20170714.imap.email.minbox.email. That makes no sense to me, but
> > > that's what it says in Settings.
> > >
> > > The account was not active so it has not been appearing among Mail's
> > > Inboxes. There is no similar account on any of our Macs.
[...]
> > > I can find no way to remove this account from the iPad. Is there
> > > one?
> >
> > Because the email account was installed using a profile, you can't
> > delete it directly. You need to delete the profile instead.
> >
> > That is done in Settings > General > Profiles.
>
> That worked like a charm. Thank you very much for pointing me there.
[...]
> > I suspect the profile was installed by an app that was used on your
> > iPad, but that can only happen if it asked you first and you granted
> > permission. That is NEVER a good idea unless you are absolutely certain
> > you trust the app and understand why it is necessary.
>
> I'm well aware of that. There are no apps on my iPad that didn't
> come from the App Store.
>
> > This discussion thread seems relevant:
> >
> > https://discussions.apple.com/thread/8039386?start=0&tstart=0
>
> All the apps on my iPad came from the App Store. I may have accepted
> something from one of those apps, but since it came from the App
> Store then surely it was harmless. Might it have been usage feedback
> to the developer?

Profiles can be installed by apps from App Store. In the article I
linked, a profile of a similar name to the one you described came from
an unidentified weather app.

It is also possible to have profiles installed via other methods, e.g.
from a web site or an email attachment.

In all cases, a profile can never be installed automatically. The user
is always asked for permission, and it involves typing in the passcode
(or TouchID/FaceID?) to confirm that you are the legitimate user.

If you don't recall doing something like that, is there anyone else who
uses your iPad and knows its passcode? Maybe they installed an app which
set up the profile, and they authorised it.

The installation of a profile which creates an email account is
something I've seen on one person's iPhone recently - in that case it
was an email account from their ISP, so it seems like the ISP supplied a
profile to simplify the setup process for the user, possibly via their
app. Therefore that is a legitimate use of profiles, and Apple does not
block apps which do that.

For some kind of "emergency alert" app, setting up a profile to fetch
email from a particular server to get alerts is one way they could do
it, though it is a rather ugly method. It may not have triggered any
alarm bells when Apple was reviewing the app. The profile would still be
there even if you deleted the app which installed it.

Profiles can do a lot of things including creating VPNs, changing
network settings (and most other settings including some hidden ones),
blocking the use of particular apps (including some standard ones),
disabling features such as the camera, and installing root certificates.

Apart from Apple beta programmes, a major use of profiles is for devices
managed by companies, which is where many of the lockdown features get
applied, e.g. if a company is dealing with secret information they may
require all devices to have the cameras disabled. These profiles can
also provide a way for the company to remotely manage your device
including wiping it.

Therefore you should never allow any profile to be installed on your
personal device unless you understand its purpose, and trust whoever is
installing it.

> Thanks again. You've been very helpful.

You're welcome.

--
David Empson
dem...@actrix.gen.nz
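
The post above lists what a configuration profile can set up (mail accounts, VPNs, restrictions, root certificates, remote management). As an added example that is not part of any poster's message, this Python sketch reads an unsigned `.mobileconfig` file before installation and reports which of those payload types it carries. The payload type identifiers and mail keys are Apple's; the sample profile, its names and hosts, and the wording of each note are constructed for illustration.

```python
import plistlib

# Payload types named after Apple's configuration profile format; the
# descriptions are this example's own wording, not Apple's.
RISKY = {
    "com.apple.mail.managed": "adds a mail account",
    "com.apple.vpn.managed": "routes traffic through a VPN",
    "com.apple.security.root": "installs a root certificate",
    "com.apple.mdm": "enrols the device in remote management",
    "com.apple.applicationaccess": "applies restrictions (apps, camera)",
    "com.apple.wifi.managed": "configures a Wi-Fi network",
}

# Constructed sample profile (not the profile discussed in the thread).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Example Alerts (constructed)</string>
  <key>PayloadIdentifier</key><string>invalid.example.alerts</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.mail.managed</string>
      <key>EmailAccountType</key><string>EmailTypeIMAP</string>
      <key>EmailAddress</key><string>user@example.invalid</string>
      <key>IncomingMailServerHostName</key><string>imap.example.invalid</string>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.security.root</string>
      <key>PayloadContent</key><data>AA==</data>
    </dict>
  </array>
</dict></plist>"""

def audit_profile(raw: bytes) -> dict:
    """Return the profile's display name and one finding per payload."""
    profile = plistlib.loads(raw)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "unknown")
        note = RISKY.get(ptype, "not in this example's list; review manually")
        detail = payload.get("IncomingMailServerHostName", "")
        findings.append((ptype, note, detail))
    return {"name": profile.get("PayloadDisplayName"), "findings": findings}

if __name__ == "__main__":
    report = audit_profile(SAMPLE)
    print(report["name"])
    for ptype, note, detail in report["findings"]:
        print(f"  {ptype}: {note} {detail}".rstrip())
```

Signed profiles are wrapped in a CMS envelope, so `plistlib` cannot read them directly; the inner plist has to be extracted first.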

Lewis

Nov 5, 2017, 7:30:40 PM
They can also be installed as part of joining a WiFi network, although
that seems unlikely in this case. If I am too close to a public school
here my phone will try to join the wifi and ask me to install a profile
to connect, which I never do, of course.

> In all cases, a profile can never be installed automatically. The user
> is always asked for permission, and it involves typing in the passcode
> (or TouchID/FaceID?) to confirm that you are the legitimate user.

I do not think I've ever installed a profile without typing the
password. I am not 100% sure, but I don't think you can do it just with
TouchID.

> Therefore that is a legitimate use of profiles, and Apple does not
> block apps which do that.

There are *many* legitimate uses for a profile. I used to have one that
I installed on my elderly parent's phone that prevented him accidentally
deleting apps and added some fake apps to his phone that would be a one
touch for emergency contacts.

--
"Everyone has a photographic Memory, some just don't have film." ~Steven
Wright

John Varela

Nov 8, 2017, 7:51:56 PM
On Sun, 5 Nov 2017 23:37:51 UTC, dem...@actrix.gen.nz (David
Empson) wrote:

> Profiles can be installed by apps from App Store. In the article I
> linked, a profile of a similar name to the one you described came from
> an unidentified weather app.

I was thinking that might have been the source. I have been a fan of
wunderground.com for a long time, but they changed their site a few
months ago, deleting one of my favorite features, so I went looking
and now have a half-dozen weather programs on my iPad. That was
probably in the middle of the summer.

--
John Varela