Technology: Why iPhone phishing scam shouldn't become a problem

Why iPhone phishing scam shouldn't become a problem Video Image With so many great iPhone choices this fall, the iPhone 8 is the best mo...

Why iPhone phishing scam shouldn't become a problem

  • Video
  • Image

With so many great iPhone choices this fall, the iPhone 8 is the best model... to avoid. WSJ Personal Tech columnist Geoffrey A. Fowler puts its new wireless charging, camera and more to the test vs. the less expensive iPhone 7. Photo: F. Martin Ramin/The Wall Street Journal

Apple has stressed it's still a proof of concept.Source:Supplied

APPLE fans were warned about a hypothetical iPhone phishing attack by iOS code expert Felix Krause this week.

The phishing scam he designed mimics the familiar pop-up window on iOS de vices which routinely prompts users to enter their Apple ID password when doing things like downloading apps. It looks exactly the same but it’s designed to steal your password.

The blog post gained major traction this week for showing the potential for hackers to make an easily deceptive iOS app feature, despite it not being in the wild.

“The goal of this blog post is to close the loophole that has been there for many years, and hasn’t been addressed yet,” Mr Krause wrote.

“For moral reasons, I decided not to include the actual source code of the pop-up, however it was shockingly easy to replicate the system dialogue.”

Apple declined to officially comment on the blog post but stressed the demonstration by Mr Krause remained a proof of concept and was not something currently being experienced by customers.

Ultimately a malicious developer would need to corrupt an app already in the app store or somehow sneak an app with malicious code past t he auditing systems that scrutinise everything about a potential app â€" from its code to its appearance â€" before being approved to appear in the App Store.

Sebastian O’Halloran develops iOS apps under the moniker Juicy Apps in Hobart, Tasmania, and thinks these days such an app would almost certainly be detected by Apple.

The 18-year-old has been building apps since he was 11, and says he has experienced first hand just how finicky the company can be with its auditing process.

At 14 he designed an app to allow people with intellectual disabilities communicate what they wanted to get from the governments’ newly introduced disability care scheme.

Some of his apps have been rejected for relatively “minute” things in the past such as “mismatched screenshots” that didn’t appear to exactly match the appearance of the app’s interface.

“They’re incredibly thorough,” he told news.com.au. “They try to dismiss ‘scammy’ apps as much as possible.”

“In saying that there was a couple of apps that got through two or three years ago that were intended for scamming and somehow they got through the system.

“So I’m not saying it’s bullet proof.”

In 2013 researchers from the Georgia Institute of Technology found a way to sneak malicious iOS apps past Apple’s review process. Ultimately the apps could be updated after they’d been approved to carry out harmful actions without triggering security alarms. The researchers shared their successful act of deception in a paper titled: When Benign Apps Become Evil.

In 2015, hackers also managed to sneak malware designed to steal users’ iCloud passwords onto Chinese apps in the App Store.

These instances have no doubt caused Apple to bolster its review process â€" something which it clearly thinks would catch any app like the one made by Mr Krause.

Apple has stressed it's still a proof of concept but the above image goes how the pop up built by Felix Krause looks identical to the real one.

Apple has stressed it's still a proof of concept but the above image goes how the pop up built by Felix Krause looks identical to the real one.Source:Supplied

Source: Google News

COMMENTS

Nama

AUS,50,Business,2,Entertainment,1,Technology,1,Update,5,World,5,
ltr
item
Netizen 24 Australia: Technology: Why iPhone phishing scam shouldn't become a problem
Technology: Why iPhone phishing scam shouldn't become a problem
http://cdn.newsapi.com.au/image/v1/879563c861409bccef4b0b1e0be429cb
Netizen 24 Australia
http://www.australia.netizen24.com/2017/10/technology-why-iphone-phishing-scam.html
http://www.australia.netizen24.com/
http://www.australia.netizen24.com/
http://www.australia.netizen24.com/2017/10/technology-why-iphone-phishing-scam.html
true
2333875268351606089
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy