Was the V for Vendetta guy even a hacker?

iOS: Security researcher Felix Krause is killing it this month, if “it” means iPhone users’ sense of security. We recently covered two of his security warnings: If you give an app permission to use your camera, it can also track your location and even secretly take photos and videos. Now he points out that if you’re not careful, any app could easily steal your Apple ID

The problem, Krause says, is any app could easily imitate Apple’s password dialog. (He even built a proof of concept.) And if you use an iPhone or iPad, you know that Apple is almost constantly asking for your password. So you get desensitized to it, so whenever you’re asked, you just enter it in. An app can just swoop in with a fake password prompt, like so:

There’s an easy way to avoid this, but you have to remember it whenever your phone asks for your password: Hit the home screen. If the app closes and the password prompt disappears, then it was fake. If the password pop-up is really from Apple, it will stay on the screen until you hit Sign In 要么 Cancel

If you’ve enabled two-factor authentication for your Apple ID, then you’re still a little safer. But it’s still very dangerous to hand out your password, especially if you’ve reused it, or if there’s any danger of anyone with your password getting physical access to your device.

This phishing attack is one of the things Apple’s app store is supposed to screen out. But Krause points out that many apps have snuck by with bad behavior before, and even lists ways that apps could hide this attack from Apple. He believes Apple owes its customers a better design, which would clearly distinguish real password requests from fake ones. Until then, it’s on users to stay vigilant.




我们是一个系统的工作,以提高网站的质量,并通过检查文章,新闻和质量奖励活跃用户,非常感谢您改善 Business Monkey News!

如果该项目是错误的,这错译或丢失的信息,您可以编辑它,通知评论(我们将更正),也可以 查看原文章在这里: (原语言条)