Here’s something that all iOS users need to pay attention to. A new blog post from developer Felix Krause explains how the popup which iOS users are familiar with to enter their password could be used to easily trick someone into handing over their Apple ID and password. It’s apparently easy to emulate and while he hasn’t published code that allows one to do this, it is likely going to be in the wild in short order. Now he’s filed a bug report with Apple, but here’s what you should do to protect yourself. From his post:
- Hit the home button, and see if the app quits:
- If it closes the app, and with it the dialog, then this was a phishing attack
- If the dialog and the app are still visible, then it’s a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.
- Don’t enter your credentials into a popup, instead, dismiss it, and open the Settings app manually. This is the same concept, like you should never click on links on emails, but instead open the website manually
- If you hit the Cancel button on a dialog, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password.
I recommend reading Krause’s full explanation of this phishing method on his blog. Hopefully Apple reads it too and does something about this in short order.
Like this:
Like Loading...
Related
This entry was posted on October 11, 2017 at 10:26 am and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New iOS Phishing Attack Could Trick You Into Giving Away Your Apple ID Password
Here’s something that all iOS users need to pay attention to. A new blog post from developer Felix Krause explains how the popup which iOS users are familiar with to enter their password could be used to easily trick someone into handing over their Apple ID and password. It’s apparently easy to emulate and while he hasn’t published code that allows one to do this, it is likely going to be in the wild in short order. Now he’s filed a bug report with Apple, but here’s what you should do to protect yourself. From his post:
I recommend reading Krause’s full explanation of this phishing method on his blog. Hopefully Apple reads it too and does something about this in short order.
Share this:
Like this:
Related
This entry was posted on October 11, 2017 at 10:26 am and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.