HackRead
iOS Flaw Makes Apple ID Passwords Prone to Phishing Attacks

October 11th, 2017 Uzair Amir Security, Apple News, iPhone, Phishing Scam

According to the findings of Felix Krause, a mobile app developer and founder of Fastlane, there is a flaw in iOS that is potentially dangerous for the security of users’ passwords. In his blog post, Krause explained that cybercriminals could use pop-up dialog boxes to carry out phishing attacks, tricking an unsuspecting user into providing their Apple ID password. Phishing attacks aim to obtain sensitive data such as credit card numbers, passwords or private information, either by stealing login data or by infecting the device with malicious software.

To prove his findings, Krause developed a proof-of-concept showing that the security flaw indeed exists in iOS and wrote that there is just one method of differentiating the fake pop-up from the authentic one: pressing the Home button. When this button is pressed, the fake pop-up dialog box closes along with the app in which it appeared. For instance, if the user was playing a game when the fake pop-up appeared, pressing the Home button closes both the game and the pop-up.

A genuine pop-up will not be closed when the Home button is pressed because it runs in an entirely different process, while the fake pop-up runs inside a standard app. Furthermore, the fake system pop-up was quite easy to create, requiring just 30 lines of code.

Let’s have a look at the comparison of an authentic pop-up and a fake pop-up:

[Screenshots: an authentic pop-up and a fake pop-up. Screenshots via: Krausefx]

Krause suggests that, to prevent users from being deceived into giving away private details or sensitive data like passwords, app pop-up dialog boxes must include the app’s icon so that a system pop-up can be told apart from an app pop-up. This would help in distinguishing fake pop-ups from authentic ones. Using 2FA (two-factor authentication) also helps improve the security of the device: if cybercriminals obtain only one of the two factors, they cannot complete the attack.

Krause opines that, to prevent exploitation of the newly discovered iOS vulnerability, users shouldn’t be asked for passwords and similar credentials in the first place. However, if they are asked for credentials, it is better to go to the Settings app and enter them there to eliminate the risk of abuse.

“Always close the dialog, and open the iCloud settings manually, and only enter [the password] there. Showing a dialog that looks just like a system popup is super easy, there is no magic or secret code involved, it’s the examples provided in the Apple docs, with a custom text,” stated Krause.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
