Easy to steal iPhone passwords

ios-phishing-proof-of-concept.png

He says it’s possible for criminals to programme apps to run certain code only after Apple has approved it for a spot in the App Store, and that the scheme works because iOS has “trained” users to automatically enter their details without questioning a popup’s legitimacy… More at Independent.

Amazing how most of us will believe the genuine looking popup we see in iOS.

One thought on “Easy to steal iPhone passwords

  1. Yeah, great point. IOS always felt very sheltered and curated and safe.

    And when I recently upgraded, but was having trouble syncing so I switched over to an old iPhone for a bit… man, it was asking for that password all the damn time…

    People should really know about that home button trick – I didn’t. Wonder if it can work on the X?

    A challenge for the IOS review tech staff, the ones that make automatic code inspection, to try and figure out how to see those delayed bombs. Also maybe iOS can be patched to detect certain alert patterns… like if someone called UIAlertController with the usual system prompt, or variations. Of course from there it could be an escalating war of devious dialogs that look close enough to the system prompt vs Apple, but it would be a start.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s