There's a much lower chance of downloading a corrupt application on
the App Store than on Google Play because Apple's review teams check all
apps before approving or rejecting them for a variety of reasons.
However, the developer of apps Felix Krause has shown that it is quite easy to steal a user's iCloud password by copying an iOS system alert and displaying it in an app with malicious code.Occasionally, popups or dialog windows appear asking for the user's iCloud password most often in the App Store, but also sometimes outside.
Felix Krause showed that a developer with bad intentions could easily mimic this dialog and include these lines of code in an app, which would record what the user has entered.
According to him, this does not require more than "30 lines of code" to make a phishing attempt in an iOS app.
Fortunately, no iOS app has been listed using this type of hacking and it is possible to ensure the legitimacy of a system alert by following some recommendations.
Felix Krause explains that it suffices to press the Home button if such a window appears, if the app closes and with it the dialogue window, then it was an attempt to steal password. If the dialog window remains displayed, then it is an iOS system alert.
To avoid any danger, it is also possible to close the dialogue window by pressing "cancel" and go to the settings of iOS to enter his password.
Felix Krause warned Apple and suggested several fixes, such as adding a visual element to indicate whether or not it is an iOS system alert.Source
However, the developer of apps Felix Krause has shown that it is quite easy to steal a user's iCloud password by copying an iOS system alert and displaying it in an app with malicious code.Occasionally, popups or dialog windows appear asking for the user's iCloud password most often in the App Store, but also sometimes outside.
Felix Krause showed that a developer with bad intentions could easily mimic this dialog and include these lines of code in an app, which would record what the user has entered.
According to him, this does not require more than "30 lines of code" to make a phishing attempt in an iOS app.
Fortunately, no iOS app has been listed using this type of hacking and it is possible to ensure the legitimacy of a system alert by following some recommendations.
Felix Krause explains that it suffices to press the Home button if such a window appears, if the app closes and with it the dialogue window, then it was an attempt to steal password. If the dialog window remains displayed, then it is an iOS system alert.
To avoid any danger, it is also possible to close the dialogue window by pressing "cancel" and go to the settings of iOS to enter his password.
Felix Krause warned Apple and suggested several fixes, such as adding a visual element to indicate whether or not it is an iOS system alert.Source
0 Response to "became easy Steal the iCloud password of an iPhone user by a developer!"
Post a Comment