IOS Phishing Attack Masks Itself As Apple-Style Password Request

Share

You should also know that the new emojis will be available on all Apple OS: "The new emoji will debut in next week's developer and public beta previews of iOS 11.1, and will be available in upcoming software updates for iOS, macOS and watchOS".

If you input your password into one of the fake boxes, the attacker could steal it and use it to access your credit card information.

Apple iOS asks for your iTunes account password for various reasons, be it OS updates, for purchases, changing your device pin, etc.

"As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so".

According to Krause, "Showing a dialog that looks just like a system popup is super easy, there is no magic or secret code involved, it's literally the examples provided in the Apple docs, with a custom text".

Felix has also provided some information on how you can avoid this type of phishing attack, you can find out more details about this over at his website at the link below.

Huntington Bancshares Incorporated (NASDAQ:HBAN) Under Analyst Spotlight
Huntington Bancshares Incorporated (HBAN ) shares fell and closed the day at $13.85, with the percent change of -0.36%. Capital International Inc acquired 86,900 shares as Huntington Bancshares Inc ( HBAN)'s stock declined 11.04%.

Krause said the security loophole has been in place for many years and is yet to be addressed. However, it has been discovered that hackers can use this method to steal passwords.

To protect yourself from such attacks, Krause suggests that you hit the Home button when the prompt pops up. In order for it to be remedied, Krause says that Apple could make adjustments to the way apps request Apple ID passwords.

Even if you have two-factor authentication (2FA), what's to stop an app developer from asking for your 2FA key as well?

"This could easily be abused by any app..." Apple went so far as to include a reminder to use Apple-certified screen fix services in the update notes, something I haven't seen before.

Krause adds a few potential solutions to the problem, such as forcing the user to input their password in the settings app instead of a pop-up.

Share