- Calendar subscriptions can be hijacked, injecting phishing links or malware into users’ schedules.
- Bitsight found 347 domains affecting around 4 million devices, mostly in the United States
- Not a bug, but a risky feature; users should manage their subscriptions carefully
A handy feature in popular calendar apps can be misused to trick people into clicking malicious links or divulging sensitive information, researchers say.
Most popular calendar apps allow users to subscribe to external calendars, allowing third parties, such as businesses or organizations, to add events directly to subscribers’ calendars. This can be just about anything, from discounts and sales to public events, holidays and much more.
However, if a business goes out of business or its domain expires, the calendar subscription does not expire with it. If a cybercriminal manages to obtain the domain, they can add events directly to users’ calendars, including links to phishing pages or sites hosting malware. The same goes for companies whose infrastructure has been hijacked or hacked.
Risky business
That’s according to security researchers at Bitsight, who say it’s a real problem, currently affecting around four million devices, as the attacks abuse the trust people place in different brands and organizations.
“Our research started with a single domain that we crawled, recording 11,000 unique IP addresses per day,” the experts said.
“This domain was functioning as a server for a subscribed calendar that distributed public events and German school holidays, and that caught our attention. Why would a domain for German holidays, with .ics files, be available?”
They ended up discovering 347 domains, including FIFA 2018 events, Islamic Hijri calendars and others, connected to approximately four million unique IP addresses, most of which were located in the United States.
Bitsight emphasizes that this is not a vulnerability or bug in calendar apps. This is simply a feature that inherently carries risks and as such these must be managed by end users. They also said that the four million possible targets are an understatement, as they only cover a fraction of the iPhone ecosystem and don’t even include Android.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
