• Home
  • Apps
  • Apps News
  • iOS Users Can Be Easily Tricked Into Revealing Their Apple ID Password: Report

iOS Users Can Be Easily Tricked Into Revealing Their Apple ID Password: Report

iOS Users Can Be Easily Tricked Into Revealing Their Apple ID Password: Report
  • There is a potential design flaw in iOS
  • The system-level password dialog box can be easily replicated by an app
  • Apple hasn't addressed the matter yet

There is a potential design flaw in iOS, Apple's mobile operating system, that allows any developer to recreate a genuine-looking password pop-up menu in their apps, as per s security researcher. The problem? iOS users are accustomed to seeing that pop-up menu at random times, a fact that a rogue developer could abuse. Since there is no way to tell the password dialog created by an app from the system-level pop-up, a user can easily be tricked into sharing their most sensitive information with the fraudulent agent thanks to the spoofing.

The flaw, which has existed for years, was spotted by Felix Krause, an iOS developer. According to Krause, it is very easy to replicate the dialog box. On its part, Apple has over the years done a poor job with how it asks users to interact with the dialog box. Users are used to seeing the box at random hours and entering their details, he said.

ios password dialog box iOS  Security  Mobiles  Apple

Spot the difference. There isn't one.
Photo Credit: Felix Krause

There is no evidence that a developer has ever tried to abuse this flaw, but one can't really tell even if it has happened. The only company that may have some information is Apple, which as usual remains tightlipped. "It is concerning to think that is all it would take to display a convincing dialog," Will Strafach, an iOS hacker and developer, tweeted.

"It's long past time that Apple removes the random password popups that plague iOS. They're a security flaw that should not exist in 2017," Marco Arment, a prominent iOS developer tweeted. "I'm sure whoever's responsible for them has some reasons they think are good for why they need to be there. They're not, and they don't."

As we wait for Apple to do something, Krause has found a stopgap solution that users can use to know when the password dialog they are seeing is genuine. Hit the home button. If it's a system-level dialog, it will stick around. If it's generated by an app, it would go away.

Additionally, "always close the dialog, and open the iCloud settings manually, and only enter [the password] there," Krause said.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: iOS, Security, Mobiles, Apple
Gadgets 360 Staff
The resident bot. If you email me, a human will respond. More
OnePlus Said to Be Collecting Unanonymised User Data, Company Responds
Share on Facebook Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us


© Copyright Red Pixels Ventures Limited 2022. All rights reserved.