• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
WebSetNet

WebSetNet

Technology News

  • Technology News
    • Mobile
    • Games
  • Internet Marketing
  • System Admin
    • Windows
    • Linux
    • Mac & Apple
    • Website Scripts
      • Wordpress

Beware of sketchy iOS popups that want your Apple ID

August 5, 2020 by Martin6

One of iOS’ rougher edges are the popups it produces on a regular but seemingly random basis. These popups require users to enter their Apple ID before they can install or update an app or complete some other mundane task. The prompts have grown so common most people don’t think twice about them.

Mobile app developer Felix Krause makes a compelling case that these popups represent a potential security hole through which attackers can steal user credentials. In a blog post published Tuesday, he showed side-by-side comparisons, pictured above, of an official popup produced by iOS and a proof-of-concept phishing popup. The lookalike popups require less than 30 lines of code and could be sneaked into an otherwise legitimate app that has already found its way into Apple’s App Store.

The popups are a common part of the iOS experience for many users, this author included. They can present themselves at a variety of times, including when people want to make an in-app purchase, after they’ve recently installed an iOS update, or when an app gets stuck installing. The root of the problem is that many of Apple’s official password prompts are indistinguishable from ones generated by apps. Most users respond by blindly trusting their password with either one.

“iOS should very clearly distinguish between system UI and app UI elements, so that ideally it’s… obvious for the average smartphone user that something seems off,” Krause wrote. “This is a tricky problem to solve, and Web browsers are still tackling it; you still have websites that make popups look like macOS/iOS popups so that many users think [they are] system message[s].”

Krause noted that some prompts generated by iOS look like the one to the right. It might serve as a model for all system-generated password prompts.

He suggested Apple create a uniform look for official iOS password prompts that can’t be easily mimicked by apps. Ars has asked Apple to comment on the proposal but didn’t receive a response by the time this post went live. We’ll update if we get one later.

In the meantime, iOS users can protect themselves by doing the following when they encounter a password popup: hit the home button. If the app and password prompt close, the prompt was likely a phishing attempt. If the dialog and app remain visible, the dialog was generated by iOS. Krause also suggested never entering passwords into any dialog box. Instead, we should dismiss it, manually open the iOS settings window, and enter the password there.

Of course, people should strongly consider using Apple’s two-factor authentication, which requires users to enter a verification number in addition to supplying a password. The protection is worth using, but it can be phished in much the same way a password can. For that reason, 2fa shouldn’t be seen as a solution for the problem Krause has highlighted. Krause also said Apple’s app-vetting process—which was designed to prevent attackers from sneaking malicious titles into the App Store—isn’t an adequate remedy because attackers can always find ways to bypass the measure.

Source

Related posts:

  1. Apple Watch tips and tricks: Hidden secrets of watchOS revealed
  2. Apple Watch tips and tricks: Hidden secrets of watchOS revealed
  3. Apple Watch tips and tricks: Hidden secrets of watchOS revealed
  4. Best iPhone apps 2020: The ultimate guide
  5. New iPhone firmware fixes audio and haptic feedback issues in iPhone 7
  6. How to reset Apple ID if you forgot the password
  7. Apple iCar release date, design & price rumours
  8. macOS Catalina: Latest Version, Updates, Problems, Fixes & Features
  9. The best free iPhone games on the planet
  10. iOS 14 latest version, problems & new features coming to iPhone

Filed Under: Technology News

Primary Sidebar

Trending

  • How to fix Windows Update Error 80244019
  • Windows 10 Update keeps failing with error 0x8007001f – 0x20006
  • How To Change Netflix Download Location In Windows 10
  • Troubleshoot Outlook “Not implemented” Unable to Send Email Error
  • How do I enable or disable Alt Gr key on Windows 10 keyboard
  • How To Install Android App APK on Samsung Tizen OS Device
  • 3 Ways To Open PST File Without Office Outlook In Windows 10
  • FIX: Windows Update error 0x800f0986
  • How to Retrieve Deleted Messages on Snapchat
  • Latest Samsung Galaxy Note 20 leak is a spec dump revealing key features
  • Install Android 7.0 Nougat ROM on Galaxy Core 2 SM-G355H
  • 192.168.1.1 Login, Admin Page, Username, Password | Wireless Router Settings
  • Websites to Watch Movies Online – 10+ Best Websites Without SignUp/Downloading
  • How to Backup SMS Messages on Your Android Smartphone
  • How to delete a blank page at the end of a Microsoft Word document
  • Fix: The Disc Image File Is Corrupted Error In Windows 10
  • Android 11 Custom ROM List – Unofficially Update Your Android Phone!
  • Samsung Galaxy Z Fold 3 could be scheduled for June 2021, with S Pen support

Footer

Tags

Amazon amazon prime amazon prime video Apple Application software epic games Galaxy Note 20 Galaxy S22 Plus Galaxy S22 Ultra Google Sheets headphones Huawei icloud Instagram instant gaming ip address iPhone iphone 12 iphone 13 iphone 13 pro max macOS Microsoft Microsoft Edge Mobile app office 365 outlook Pixel 6 Samsung Galaxy Samsung Galaxy Book 2 Pro 360 Samsung Galaxy Tab S8 Smartphone speedtest speed test teams tiktok Twitter vpn WhatsApp whatsapp web Windows 10 Windows 11 Changes Windows 11 Release Windows 11 Update Windows Subsystem For Android Windows 11 Xiaomi

Archives

  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org