Developer Shows Off iOS Phishing Attack That Is Very Convincing

iOS Phishing Attack Masks Itself As Apple-Style Password Request

Proof-of-concept demonstrates how easy it is to fool Apple users with a simple popup

Felix Krause has shown of a proof of concept that could be used to steal peoples login information.

He wrote in a blog post that Apple's reliance on asking users to regularly enter their passwords to undertake a range of functions presents a security hole that could easily be used by hackers to steal user credentials.

If the dialog and the app are still visible, then it's a system dialog.

You should also know that the new emojis will be available on all Apple OS: "The new emoji will debut in next week's developer and public beta previews of iOS 11.1, and will be available in upcoming software updates for iOS, macOS and watchOS".

An Apple iPhone smartphone appears as a silhouette in Zenica, Bosnia, May 17, 2013.

Facebook announces $199 Oculus Go standalone VR headset
There's no phone or PC required, and it's much more affordable when compared to existing VR headsets on the market. He's now revealed that Oculus' wireless Santa Cruz headset will be with developers with in next 12 months.

Apple iOS asks for your iTunes account password for various reasons, be it OS updates, for purchases, changing your device pin, etc. "This is a tricky problem to solve, and Web browsers are still tackling it; you still have websites that make popups look like macOS/iOS popups so that many users think [are] system message [s]". Krause also shares a tip on how to tell if it is a phishing attempt, and all users have to do is press the home button when they receive the popup. That being said, it should be pointed out that this phishing method isn't exactly new and that Apple usually checks apps for this before being accepted to the App Store.

Worryingly, the side-by-side comparisons of an official iOS popup and a phishing copy are impossible to distinguish between, so we'd have just plonked our password straight into the sweaty palms of a hacker without even realising it.

"This could easily be abused by any app..."

The developer who made the discovery recommends that you simply don't enter your details into a popup, but rather dismiss it, and open the Settings app manually. See for more information.

Latest News