Wednesday, Oct 18, 2017 | Last Update : 08:02 PM IST

Constant iOS password pop-ups could be a phishing attack knowcking on your door

THE ASIAN AGE
Published : Oct 12, 2017, 5:28 pm IST
Updated : Oct 12, 2017, 5:29 pm IST

Hackers are using a different approach to carry phishing attacks on iOS devices.

It is advised to enter your Apple ID credentials only if Apple’s own apps ask for it
 It is advised to enter your Apple ID credentials only if Apple’s own apps ask for it

Apple’s iOS considered to one of the most secure platforms in the world of computers. The reason for this is Apple’s stringent measures for keeping complete control over the software. Despite this, hackers with malicious intentions manage to find ways to steal valuable information. One such method has crept up in a recent incident that happened to an iPhone user.

According to a report from Motherboard, Lorenzo Franceschi-Bicchierai, an iPhone user received a password prompt on the Giallo Zafferano cooking app, like the ones that iOS asks for while configuring settings. The author knew that Apple doesn’t let third-party apps ask for Apple ID and therefore decide to press the home button. Worried whether his iPhone was a victim of malware, he contacted Felix Krause, an iOS developer.

The developer in reply said that it is very easy for hackers to imitate the iOS’ password prompt box with the help of a mere 30 lines of coding. Had the author filled in his password, he could have become the victim of a phishing attack. The people who design these attacks are so clever that it would be difficult to trace the source.

Therefore, it is advised to enter your Apple ID credentials only if Apple’s own apps ask for it. The developer has suggested one way that possible detect whether some phishing attack is about to take place — press the home button and if the box doesn’t reappear, then it would be wise to report the issue to the developers. Moreover, one should prefer to input the passwords and other credentials of any account in the Settings menu of his/her iPhone or iPad. Even for Android devices, it is always preferable to avoid giving in account credentials to websites and apps that appear malicious in their intentions.

(source)

Tags: apple, apple ios, phishing attacks, malware