Junk email automatically previewed - any risk? (iPadOS)

Hi all,


As I tried to delete a junk email, I noticed that the email automatically previewed (iPadOS Mail App). Does this pose any threat to my device?


Many thanks.

iPad (6th gen) WiFi

Posted on Jun 26, 2020 3:29 PM

Question marked as Top-ranking reply

Posted on Jun 26, 2020 4:35 PM

Yes - and no...


Before proceeding, it is worthwhile to state that iOS/iPadOS, if not jailbroken, is not susceptible to malware infection in the traditional sense per se - but, in common with all computing systems, is vulnerable to many other threats and threat actors. Immunity from threat is a myth - falsely perpetuated.


As to your question...


Many email messages contain images - some visible, some not. These images may be used to

  • detect that an email has been accessed
  • attempt to deliver a malicious payload via the Mail client
  • attempt to load a malicious linked page via your default web browser (Safari).


The best defence is to “harden” your iPad. Doing so will allow you to review email content - without automatically downloading or triggering embedded content.


To “harden” the iPad and its desired behaviour it is necessary to change/set some settings for various App elements in iPadOS.


1) In iPad Settings, disable Automatic loading of remote images:

Settings > Mail > Load Remote Images - set to OFF


2a) Open the Mail App. From the sidebar, open an email that contains an embedded web-link to a safe/trusted website.

2b) From the main message pane, long-touch the embedded link to a web-page; a preview window will open.

2c) At the top of the preview window, tap Hide Preview (this inhibits loading of image elements); selecting Show Preview reverses this setting such that the preview will download potentially malicious content. This setting is “sticky”.


3) Install and configure a good quality Content Blocker; highly recommended for iOS/iPadOS/macOS is 1Blocker for Safari:

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024


The full benefits of installing a comprehensive Content blocker - that processes locally on the iPad without reliance upon an external proxy - are beyond the immediate scope of this reply.


4) Change your DNS server settings to use a high security Recursive DNS provider. Quad9 is highly recommended:


Quad9

9.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::9


OpenDNS

208.67.222.222

208.67.220.220

2620:0:ccc::2

2620:0:ccd::2


Cloudflare+APNIC

1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001


Items (1) and (2) are essential hardening settings. If you are concerned about email threat, these should be considered as a minimum.


Item (3) I strongly recommend for its depth of protection in defending against browser-based attacks - but comes with a small cost. Item (4) comes at no cost and adds protection against a multitude of internet threats; (3) and (4) provide complementary “defence in depth”.


Implementing all four measures provides considerable protection from a high proportion of internet threats to which your iPad (and other computing devices) are exposed.


I hope this information and guidance is helpful to you - resolving any concerns you may have.
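
Added example, not part of the original reply: a short Python audit that lists the remote images a mail client would request if it rendered a message with Load Remote Images switched on, and flags the ones that look like open-tracking beacons. The sample message, the host names (`shop.example`, `tracker.example`) and the 1x1/hidden heuristic are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); all hosts are placeholders.
SAMPLE_EML = """\
From: promo@shop.example
To: user@mail.example
Subject: Your prize
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello! <a href="https://shop.example/claim">Claim now</a></p>
<img src="https://cdn.shop.example/banner.png" width="600" height="200">
<img src="https://tracker.example/open?id=abc123" width="1" height="1">
<img src="cid:logo@shop.example" width="80" height="40">
</body></html>
"""

class RemoteImageFinder(HTMLParser):
    """Collects <img> tags whose src points at a remote http(s) server."""
    def __init__(self):
        super().__init__()
        self.remote = []
    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        if urlparse(src).scheme not in ("http", "https"):
            return  # cid:/data: images travel inside the message itself
        # Heuristic: tiny or hidden images are likely open-tracking beacons.
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        hidden = "display:none" in (a.get("style") or "").replace(" ", "").lower()
        self.remote.append({"url": src, "host": urlparse(src).hostname,
                            "likely_beacon": tiny or hidden})

def audit_message(raw):
    """Return the remote images that rendering the HTML body would request."""
    msg = message_from_string(raw, policy=policy.default)
    finder = RemoteImageFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.remote

if __name__ == "__main__":
    for item in audit_message(SAMPLE_EML):
        print(item)
```

Each entry returned is a request that would reveal to the sender's server that the message was opened; with Load Remote Images set to OFF none of them is made until the reader chooses to load content.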


6 replies
Question marked as Top-ranking reply

Jun 26, 2020 4:35 PM in response to Bookieme
