Why iPhone phishing scam shouldn't become a problem
Apple has stressed it's still a proof of concept. Source: Supplied
APPLE fans were warned about a hypothetical iPhone phishing attack by iOS code expert Felix Krause this week.
The phishing scam he designed mimics the familiar pop-up window on iOS devices which routinely prompts users to enter their Apple ID password when doing things like downloading apps. It looks exactly the same but it's designed to steal your password.
The blog post gained major traction this week for showing the potential for hackers to make an easily deceptive iOS app feature, despite it not being in the wild.
"The goal of this blog post is to close the loophole that has been there for many years, and hasn't been addressed yet," Mr Krause wrote.
"For moral reasons, I decided not to include the actual source code of the pop-up, however it was shockingly easy to replicate the system dialogue."
Apple declined to officially comment on the blog post but stressed the demonstration by Mr Krause remained a proof of concept and was not something currently being experienced by customers.
Ultimately a malicious developer would need to corrupt an app already in the app store or somehow sneak an app with malicious code past the auditing systems that scrutinise everything about a potential app – from its code to its appearance – before being approved to appear in the App Store.
Sebastian O'Halloran develops iOS apps under the moniker Juicy Apps in Hobart, Tasmania, and thinks these days such an app would almost certainly be detected by Apple.
The 18-year-old has been building apps since he was 11, and says he has experienced first hand just how finicky the company can be with its auditing process.
At 14 he designed an app to allow people with intellectual disabilities to communicate what they wanted to get from the governments' newly introduced disability care scheme.
Some of his apps have been rejected for relatively "minute" things in the past such as "mismatched screenshots" that didn't appear to exactly match the appearance of the app's interface.
"They're incredibly thorough," he told news.com.au. "They try to dismiss 'scammy' apps as much as possible."
"In saying that there was a couple of apps that got through two or three years ago that were intended for scamming and somehow they got through the system.
"So I'm not saying it's bullet proof."
In 2013 researchers from the Georgia Institute of Technology found a way to sneak malicious iOS apps past Apple's review process. Ultimately the apps could be updated after they'd been approved to carry out harmful actions without triggering security alarms. The researchers shared their successful act of deception in a paper titled: When Benign Apps Become Evil.
In 2015, hackers also managed to sneak malware designed to steal users' iCloud passwords onto Chinese apps in the App Store.
These instances have no doubt caused Apple to bolster its review process – something which it clearly thinks would catch any app like the one made by Mr Krause.
Apple has stressed it's still a proof of concept, but the above image shows how the pop-up built by Felix Krause looks identical to the real one. Source: Supplied