Mobile app developer Felix Krause has revealed that iOS is vulnerable to phishing.
On his personal blog, Krause detailed how attackers could use pop-up dialogue boxes to trick a user into voluntarily entering their Apple ID password. Because there seems to be no visible difference between the legitimate pop-up and the phishing pop-up, Krause made a proof-of-concept app to demonstrate the security vulnerability in iOS and explained that the only way to distinguish the fake from the real one is by pressing the device’s home button.
According to Krause, pressing the home button closes the fake pop-up along with whatever app it appears in. Hence, if a user is playing a game when the fake pop-up appears, pressing the home button will close both the pop-up and the game.
Krause also went on to explain that a legitimate pop-up asking for the user’s password would not close even after the home button has been pressed. According to the mobile app developer, this is because a real system pop-up runs in a different process from that of a standard app.
Because of what he discovered, Krause suggested that it would be better if an app’s icon were included in the pop-up dialogue boxes. This way, Krause believes, it would be easier for users to distinguish an app pop-up from a system pop-up or, more importantly, a fake pop-up from a real one.
Krause also advises users of Apple devices to use 2-factor verification processes to increase the security of their devices. This way, if an attacker succeeds in obtaining one password, he will have to go through other security processes, which will limit his chances of carrying out his phishing attack successfully.
The mobile app developer also opines that iOS should not constantly ask Apple device users for credentials, so that they are less prone to phishing.
“Initially I thought, faking those alerts requires the app developer to know your email. Turns out, some of those auth popups don’t include the email address, making it even easier for phishing apps to ask for the password,” Krause said.
Unless otherwise specified, the news and opinions expressed are solely the source's and author's and do not necessarily reflect the views of The Christian Mail.