IPhone passwords 'shockingly easy' to steal from iOS users

Postado Outubro 12, 2017

Apple iOS code researcher Felix Krause this week demonstrated just how simple it is to create a fake login form and steal personal details.

You should also know that the new emojis will be available on all Apple OS: "The new emoji will debut in next week's developer and public beta previews of iOS 11.1, and will be available in upcoming software updates for iOS, macOS and watchOS". As you can see in the screenshot above, this comes in the form of a password request that looks pretty much identical to the one that Apple uses themselves. So, what can you do to protect yourself now? It's absolutely vital that you do that before going ahead with the tutorial. He also adds that any data in the text field of the fake password prompt can be harvested even if you hit cancel. If it goes away and closes the app, then it is tied in with the app, but if it remains then it is a genuine iOS system request.

Mobile app developer Felix Krause, based in Vienna, Austria, published a proof-of-concept on his blog on Tuesday that showed how easy it is to copy Apple's "Sign In to iTunes Store" prompt to take a user's password.

The prompt to key in your password for your Apple ID tied to the device can appear for various reasons, like updating iOS, when certain apps require access to iCloud, or when making in-app purchases.

"This could easily be abused by any app..."

iPhone owners can also enable two-factor authentication in order to access their Apple account. Because many people use the same password for multiple accounts, hackers are likely to try to login using the stolen username and password on other services.

Mr Krause says he was able to create the lookalike popup with less than 30 lines of code, and that "every iOS engineer" would be capable of creating their own phishing code.