Phishing attack dupes iPhone users into revealing their Apple ID password

But what if that pop-up hasn't come from Apple, and has instead been created to look like an official request in an attempt by hackers to steal your credentials?

The proof-of-concept was detailed by Felix Krause, founder of the open-source app-building tool fastlane. From there, the app could send that popup and subsequently log the Apple ID and password.

But developer Felix Krause discovered that an app only needs about 30 lines of code to include a fraudulent "Enter your Apple ID password" popup that can be used to steal user data. Reporting potentially fraudulent apps to Apple is also advisable. As his pictures show, this can be designed by a developer to look identical to a "Sign into iTunes Store" pop-up. It would be hard for users to make out the difference, leading them to enter their credentials and be none the wiser. No word on when it will be offered to the rest of the iOS users.

If you are an iOS user, you will almost certainly have come across the pop-up dialog above at some point.

For most users, it's impossible to differentiate between system dialogs and the phishing prompt. All of that is done using the official tools that Apple provides developers to make popups and dialog boxes. This freedom can be abused by showing a UIAlertController which looks just like a regular system dialog. He also thinks that Apple should have some sort of prompt or indicator showing when a dialog is system-generated and when it is app-generated. Users, however, are left with little recourse other than a few tricks, like pressing the home button to see whether the popup is an official system one, in which case it will remain on screen, or a phishing attempt, in which case it should disappear. If this closes the app and the dialog, then it was a phishing attack.

It's also worth noting that this type of attack would hinge on the malicious app making it through the App Store review process, and the code then being activated by the developer. Krause does however note that "organisations with bad intent will always find a way to somehow work around the limitations of a platform".
