Each year, retailers announce door-busting deals on items they think will attract customers to their stores the day after the U.S. Thanksgiving holiday. Black Friday is one of the most popular shopping days of the year. Along with its neighbor Cyber Monday extending into Cyber Week, these shopping days (and any “early Black Friday” deals) ostensibly initiate the Christmas holiday shopping season in the United States and elsewhere.
(Keep reading—we have a special 2024 year-end discount for first-time buyers of Intego software.)
Electronic gadgets are typically among the most sought-after items. As I began to casually browse some early Black Friday deals this year, I noticed the continuation of a disturbing trend that I’ve observed in previous years.
At one particular retailer, one of the “deals” was a heavily discounted iPhone 5c, for less than $50. And as I kept browsing, I saw more apparent bargains for other old iPhones and iPads, including an iPad 2 for less than $75.
What could possibly be worrisome about deeply discounted, years-old Apple devices, you might ask?
For one thing, many of these devices are no longer receiving any operating system updates or security patches from Apple. Anyone who buys an iPhone 5c, even if it’s brand new and unopened, will forever be stuck with iOS 10.3.3, which has hundreds of known security vulnerabilities that Apple will never patch—including Spectre, KRACK, and many others—and lacks newer security features such as USB Restricted Mode and camera and microphone in-use indicators. An iPad 2 is even worse, being limited to iOS 9.3.6.
But it’s not merely the ancient iPhone 5c and iPad 2 that you should avoid. Many newer Apple devices are vulnerable as well.
One particularly notable issue (because of a hardware flaw that cannot be fixed with an iOS update) is that any iPhone or iPad with an Apple A5 through A11 Bionic processor is vulnerable to checkm8, an “unpatchable bootrom exploit.” This means that someone with physical access to your device can install malware, or in some cases* can unlock the device and access all your data. We discussed this on episode 103 of the Intego Mac Podcast (the conversation begins at 10:15).
Devices vulnerable to checkm8 include the following models that were originally released between 2011 and 2019:
*The most vulnerable models in the list above are those with a processor older than the A7, which do not include the Secure Enclave, specifically: iPhone 4S, 5, and 5c, iPad 2 through 4th-gen, iPad mini 1st-gen, and all models of iPod touch listed above.
Even if you’re planning to use an iOS device mostly offline, many modern apps in the App Store will refuse to run on old versions of iOS. So even if you’re not particularly concerned about security, it’s still a good idea to get a device that’s capable of upgrading to iOS 14 or iPadOS 14 (the current operating systems).
Ideally, if you want to buy an Apple mobile device on sale this holiday season, and security and privacy are important to you, you should seek a device that can run iOS 14 or iPadOS 14 and is NOT vulnerable to checkm8. Thus, the following models are currently the safest:
Unfortunately, even the current model of iPod touch (7th-gen, released in 2019) is vulnerable to checkm8.
It’s not just Apple devices about which consumers should be cautious.
As with routers, try to choose brand names you recognize and trust whenever possible, and also try to select products that have a high number of mostly positive reviews. (And, if it’s a product with Internet capabilities that seem much more gimmicky than useful or practical, consider getting a non-connected version instead, or simply don’t connect it to your Wi-Fi network, just to play it safe.)
If you get nothing else out of this article, please take to heart the following advice:
Resist the urge to buy any Internet-enabled device on impulse. Do your proverbial homework first. Make sure the product and its manufacturer have good reputations and a track record of taking security seriously. Also try to confirm that the device is still receiving frequent firmware or operating system updates from the manufacturer.
If you’re not sure how to research this yourself, a good place to start is to check whether the manufacturer is still advertising or directly selling the device on the official company site. If you’re still uncertain, ask a knowledgeable IT person for help identifying whether or not a product is from a reputable company and likely to be safe.
And on that note, you can help be part of the solution. Please take a moment to share this article to help your friends and loved ones stay safe!
Here are all of our Black Friday deal links for this year—valid from Monday, November 25 through Sunday, December 1, 2024:
Remember to use these links to maximize your savings, and be sure to share these deals with your friends and family so they can save big as well!
For additional tips about shopping safely online, see our related article:
8 essential tips to stay safe shopping online on Cyber Monday and Cyber Week
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news.