
Phishing attack dupes iPhone users into revealing their Apple ID password


But what if that pop-up hasn't come from Apple, and has instead been created to look like an official request in an attempt by hackers to steal your credentials?

The proof-of-concept was detailed by Felix Krause, founder of the open-source app-building tool fastlane. From there, the app could send that popup and subsequently log the Apple ID and password.

Developer Felix Krause discovered that an app needs only about 30 lines of code to include a fraudulent "Enter your Apple ID password" popup that can be used to steal user data. As his pictures show, a developer can design it to look identical to a "Sign into iTunes Store" pop-up. It would be hard for users to tell the difference, leading them to enter their credentials and be none the wiser. Reporting potentially fraudulent apps to Apple is also advisable. No word on when it will be offered to the rest of the iOS users.

If you are an iOS user, you would definitely have come across the pop up dialog above at some point.

For most users, it's impossible to differentiate between system dialogs and the phishing prompt. The fake prompt is built entirely with the official tools that Apple provides developers for making popups and dialog boxes. This freedom can be abused by showing a UIAlertController which looks just like a regular system dialog. Users, however, are left with little recourse other than a few tricks, like pressing the home button to see whether the popup is an official system one, in which case it will remain on screen, or a phishing attempt, in which case it should disappear. If this closes the app and the dialog, then it was a phishing attack. Krause also thinks that Apple should have some sort of prompt or indicator showing when a dialog is system-generated and when it is app-generated.

It's also worth noting that this type of attack would hinge on the malicious app making it through the App Store review process, and the code then being activated by the developer. Krause does however note that "organisations with bad intent will always find a way to somehow work around the limitations of a platform".


