There are lots of reasons why you should keep your Apple ID credentials a secret. For one, cybercriminals can use your password to purchase anything from the App Store. You don't want to see your wallet's history with unknown purchases, do you?
Security research Felix Krause has warned iOS device owners recently about two things that many may not have known. First, allowing app permission to use the camera can track GPS location and even take photos and videos without you knowing. Most recently, he has underscored that apps can also steal Apple ID credentials.
Also read: Major Wi-Fi security flaw affects all internet users in Singapore
According to Krause's blog post, any app has the ability to copy Apple's password dialogue as evidenced in a test he himself conducted using a counterfeit dialogue box. He explains, due to the frequency of Apple asking for passwords, some users could be desensitised by this and just enter their password whenever they are asked.
This is where the cybercriminals come in--they can always take advantage of that and use fake Apple password dialogue box to steal information. He notes that replicating Apple's dialogue box is very easy, that is why he refused to reveal the source code of the pop-up.
Below are the side-by-side comparison of genuine and fake dialogue boxes:
Krause recommends using two-step verification to decrease the chances of criminals. He adds that iOS may be secure, users have to be purposeful in protecting themselves to avoid untoward circumstances in the future.
