Could a dns hijack have sent malware iOS updates to our phones?

No.

All updates must be signed and confirmed from Apple.

Is this a router provided by Spectrum?

A DNS hijack would simply redirect you when typing in chase.com to fakechasepasswordstealingsite.com and it would have to be incredibly well done considering modern browser's block websites without SSL certs. If you typed in your username/password they would capture it.




Source: Network Engineer.

Well it was showing all these netmasq alerts for App Store in the router logs.

Yeah it’s the router they gave us.

I hope you are right, network engineer. I guess it would be all too common if it were that easy.

I mean, that’s something Apple would have thought of already right? And made a way to prevent it?

That's right. The DNS could be faked, but the device will not install an incorrectly signed or unsigned iOS image. They'd have to steal a digital certificate from Apple and sign the hacked image, then use poisoned DNS to redirect you to the hacked image. You cannot fake the digital certificate. Look up one-way hashes to see why.

Makes me feel a little better for now.

You could say get said encryption key in China

Well if I bring it to the Apple store could they do an integrity check or else I could restore it in iTunes once i get a clean router? Maybe that would work.

I think they did do it with the stolen certificate


Doesn’t this look fishy
[link to freeimage.host (secure)]

idk the dns has been the official spectrum ones i guess.

but when i go to what is my dns website it shows a cloudflare ip

Not fishy...

209.18.47.61 is owned by Spectrum, it's the upstream DNS server set by the router


[link to whatismyipaddress.com (secure)]

Provide the make/model of the router and I will check if there's any known security vulnerabilities. They usually re-package D-Link or other brands and slap their logo on them.

If this is widespread you wouldn't be the only person... I think you're a-okay and should pop a Xanax

Also, if you're interested in stepping up your internet security game... Change your PC NIC or your router itself to point to Cisco public Umbrella DNS:

208.67.222.222
208.67.220.220

If you're really looking for some fun, try a Raspberry Pi-Hole: [link to pi-hole.net (secure)]

This blackholes a good chunk of advertisements. After pointing my household to it I could see that even after I power off my LG television that damn thing communicates outbound like clockwork.... My Samsung TV doesn't however. Fun to check on what your devices are doing in the background....

Owning crapple products, you dun goofed.