IPhone Apps With Fake Login Popups Can Steal Your Passwords

IPhone Apps With Fake Login Popups Can Steal Your Passwords

Apple iOS code researcher Felix Krause this week demonstrated just how simple it is to create a fake login form and steal personal details.

Apple on Monday released iOS 11.0.3, the third update to the iOS 11 platform and the second to rollout in the last couple of weeks.

Those are fixes for Apple to take on at some point in the future, but for the time being it is up to users to use caution and protect themselves to avoid falling victim to such a scam. If the login screen remains, it's a system dialog box and it is safe to enter a password.

If you hit the Cancel button on a dialog, the app still gets access to the content of the password field.

Mr Krause said malicious developers can turn on alerts inside their apps that look nearly identical to Apple's pop-ups using a simple bit of code.

Ola raises $1.1b to take on Uber
In addition, the company said it was in talks with other investors that it hopes will lead to an additional $1 billion of capital. It recently invested in Grab, Uber's rival in Singapore, and has a stake in Didi Chuxing in China.

The prompt to key in your password for your Apple ID tied to the device can appear for various reasons, like updating iOS, when certain apps require access to iCloud, or when making in-app purchases. "Those popups are not only shown on the lock screen, and the home screen, but also inside random apps". In the event the app closes along with the popup, it was a phishing attack, but where the app and password prompt remain on screen, it's a legitimate request.

"This could easily be abused by any app..."

You should also always have two-factor authentication activated on your Apple account for an extra layer of security.

If you use your Apple ID password elsewhere, like your online banking service, cyber criminals could use it to crack your accounts.

Users can also dismiss the dialog box entirely and go directly to their Settings app to enter their password manually. That being said, it should be pointed out that this phishing method isn't exactly new and that Apple usually checks apps for this before being accepted to the App Store.

Related Articles