iPad malicious PDF

[JW5566]

Not sure where to post this, in iPad, iPadOS or here, so apologies if in the wrong place.

I have reason to suspect I have been targeted by a malicious attempt to get me to open an email attachment, using social engineering techniques. Being careful of attachments - it was a PDF - I actually opened it on my iPad instead of my MacBook.

Whilst nothing sinister seems to have occurred, for example, no emails/alerts saying someone has logged into my iCloud account, I am interested to know if a PDF file is likely to be able to be risky if opened on an iPad, if there is anything I can do to "scan" or check my iPad, or if I'm really paranoid, whether I should factory reset it. Can a malicious attachment on an iPad be used to key log, sniff around my settings or iCloud, my Notes, or read emails and so on?

Is there a way of scanning the PDF on my Mac? Is there anything I should be looking out for on my iPad? (15.7.2, previously 15.7.1).

I'm not sure anyone would know in advance whether I was running a PC or Mac etc, though in initial email exchanges I am guessing this would be obvious from my email headers and info, where I was sending it from (Mac OS).

 

[BigMcGuire]

I would not worry about opening a malicious PDF on my iPad. iPad OS just like iOS has very few vectors for malicious attachments/documents. Most malicious executables and PDFs are designed for a full blown computer operating system with far more privileges.

A malicious attachment on your iPad cannot be used to key log, sniff around your iCloud, notes, and read emails.

You could probably download the PDF on your Mac OS, then download something like Malwarebytes to scan it. A lot of times using a known email service like Outlook, Gmail, etc will scan attachments before you can open them so that's another option (depending on their size).

 

[Beefbowl]

Malicious PDF files are going to be trying to exploit attack vectors that shouldn’t be present on an iPad.

Most AV vendors are going to have a submission site that you can send the file to and get back a response of “this file was malicious, thank you” or “no, we couldn’t find anything wrong with this file”. That’d be my next move rather than copying it to a Mac.

 

[KaliYoni]

Is there a way of scanning the PDF

You can upload any suspicious or untrusted file for scanning by multiple virus detection engines here:

VirusTotal

VirusTotal

www.virustotal.com

I would be careful about uploading anything containing personal or confidential information, of course.

----------
You can also search this comprehensive database of exploits for specific threats or for how often a given OS or platform is attacked:

Known Exploited Vulnerabilities Catalog | CISA

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV...

www.cisa.gov

 

[JW5566]

Thank you so much for the helpful responses to this, which has put my mind at rest.

@KaliYoni thanks for the link, I have scanned it and it reports back as OK. The analysis was incredibly interesting, even down to what IP/DNS activity resulted and what registry entries were referenced (in this case, all Adobe related).

 

[KaliYoni]

which has put my mind at rest.

Glad to hear your .pdf wasn’t malicious. One more thing that comes to mind is that all of Apple’s current operating systems, including macOS, iOS, and iPadOS, do have some shared code. So while iPhone OS and its successors don‘t have the same attack surface as macOS, a cross-platform exploit is possible. Also, files in widely adopted formats, such as .pdf or .jpg, that are used with non-Apple software can be used to compromise mutiple operating systems.

 

[newton4000]

I would not worry about opening a malicious PDF on my iPad. iPad OS just like iOS has very few vectors for malicious attachments/documents. Most malicious executables and PDFs are designed for a full blown computer operating system with far more privileges.

A malicious attachment on your iPad cannot be used to key log, sniff around your iCloud, notes, and read emails.

You could probably download the PDF on your Mac OS, then download something like Malwarebytes to scan it. A lot of times using a known email service like Outlook, Gmail, etc will scan attachments before you can open them so that's another option (depending on their size).

Yes. That's what we all thought.
And along came Pegasus.

 

[BigMcGuire]

Yes. That's what we all thought.
And along came Pegasus.

State sponsored malware / spyware is usually directed towards people who aren't on Macrumors. With enough $ and effort, anything is possible and anything created by humans is going to be flawed and vulnerable. Thankfully, for the vast majority of us who aren't billionaires, in state/federal government positions, journalists covering very sensitive topics, we're good and safe.

iOS / iPad OS is even more secure now than it was back in the days of iOS 14.7.

But I hear what you're saying. We all know there are exploits out there that haven't been found yet.

 

[KaliYoni]

State sponsored malware / spyware is usually directed towards people who aren't on Macrumors.

True, but given the widespread sharing and archiving of contacts both on devices and in the cloud, it is easy to become collateral damage. For example, somebody with a 2nd or even a 3rd degree connection to an activist, journalist, or politician–all people who have thousands of contacts–could come under surveillance due to something as innocuous as receiving a retweet on LinkedIn or having a common friend from school days.

 

[Beefbowl]

This remains my favorite writing on computer security:

https://www.usenix.org/system/files/1401_08-12_mickens.pdf

An excerpt:

Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@ virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,”

 

[KaliYoni]

you’re either dealing with Mossad or not-Mossad

I'd say Unit 8200 is a bigger threat to cybersecurity than Mossad.
;-)

 

[newton4000]

State sponsored malware / spyware is usually directed towards people who aren't on Macrumors. With enough $ and effort, anything is possible and anything created by humans is going to be flawed and vulnerable. Thankfully, for the vast majority of us who aren't billionaires, in state/federal government positions, journalists covering very sensitive topics, we're good and safe.

iOS / iPad OS is even more secure now than it was back in the days of iOS 14.7.

But I hear what you're saying. We all know there are exploits out there that haven't been found yet.

You are right to say it's unlikely, but not impossible.