Watch Out! Anyone Can Steal Your Apple ID Password With This Attack ! 




Watch Out! Anyone Can Steal Your Apple ID Password With This Attack !



Noredine BAHRI
Noredine BAHRI
  • Technical Writer
  • Entrepreneur
  • Founder and CEO
  • Developer
  • Blogger and IT Analyst
2017-10-17 11:10:27

| Share
| Share
| Share
Watch Out! Anyone Can Steal Your Apple ID Password With This Attack !

Can you detect which one of the above screens—asking an iPhone user for iCloud password—is original and which is fake?
Well, you would agree that both screenshots are almost identical, but the pop-up shown in the second image is fake—a perfect phishing attack that can be used to trick even the most careful users on the Internet.

Felix Krause, an iOS developer and founder of Fastlane.Tools, demonstrated an almost impossible to detect phishing attack that explains how a malicious iOS app can steal your Apple ID password to get access to your iCloud account and data.

According to an alarming blog post published on Tuesday by Krause, an iOS app can just use "UIAlertController" to display fake dialog boxes to users, mimicking the look and feel of Apple's official system dialogue.


Hence, this makes it easier for an attacker to convince users into giving away their Apple ID passwords without any degree of suspicion.

"iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates or iOS apps that are stuck during installation. As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so," Krause said.

"However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, Game Center or In-App-Purchases."

Moreover, it is even possible for app developers to generate fake alerts without knowing user’s email address because Apple also does that sometimes, as shown below:

Watch Out! Difficult-to-Detect Phishing Attack Can Steal Your Apple ID Password

Although there is no evidence of malicious attackers exploiting this phishing trick, Krause says it is "shockingly easy to replicate the system dialog," allowing any malicious app to abuse this behaviour.

For security reasons, the developer has decided not to include the actual source code of the popup while demonstrating the attack.

 

Here's How you can Prevent Against Such Clever Phishing Attacks


In order to protect yourself from such clever phishing attacks, Krause suggested users hit "Home" button when they are displayed such suspicious boxes.

If hitting Home button closes both the app, over which it appeared, and the dialog box disappears, then it was a phishing attack.
If the dialog and the app are still there, then it is an official system dialog by Apple.

"The reason for that is that the system dialogs run on a different process, and not as part of any iOS app," the developer explained.

Krause also advised users to avoid entering their credentials into any popup and instead open the Setting app manually and enter the credentials there—just like users are always encouraged to not click on any links they receive via an email and instead go to the legitimate website manually.

Most importantly, always use 2-factor authentication, so even if attackers gain access to your password, they still need to struggle for the OTP (one-time passcode) that you receive on your mobile device.

click the next for more ...
Hackers Recover Private RSA Keys Used in Billions of Devices
Hackers Recover Private RSA Keys Used in Billions of Devices
Hackers Recover Private RSA Keys Used in Billions of Devices

.
Hacker Leaked Celebrities Naked Photos and  Gets 8 Months check the story!
Hacker Leaked Celebrities Naked Photos and Gets 8 Months check the story!

The fourth celebrity hacker—who was charged earlier this year with hacking into over 250 Apple iCloud accounts belonged to Jennifer Lawrenc


Hacker Leaked Celebrities Naked Photos and  Gets 8 Months check the story!
Hacker Leaked Celebrities Naked Photos and Gets 8 Months check the story!

The fourth celebrity hacker—who was charged earlier this year with hacking into over 250 Apple iCloud accounts belonged to Jennifer Lawrenc


Hacker Leaked Celebrities Naked Photos and  Gets 8 Months check the story!
An Interview Question on Spring

Spring Singletons are not Java Singletons. Let's go over the important differences between them and how Spring singletons interact within containe


Hacker Leaked Celebrities Naked Photos and  Gets 8 Months check the story!
Introducing Android 9 Pie

After more than a year of development and months of testing by early adopters, we're ready to launch Android 9 Pie, the latest release of Android,


Hacker Leaked Celebrities Naked Photos and  Gets 8 Months check the story!
7 company will never see another dollar from you

7 / Terminix : basilcinnamonchives  said “My roommate at the time worked on a farm. We were aware of the possiblity he could bring fle


Hacker Leaked Celebrities Naked Photos and  Gets 8 Months check the story!
7 Absolute Weirdest Wedding Dresses Ever

There are only few occasions in life when your'e the center of attention and everybody's celebrating you. One of these occasions is, of course



© 2013-2018 best of geeks. All rights reserved.