Don't let iOS apps steal your Apple ID password! Here's how to protect yourself

Security researcher Felix Krause warns iOS device owners about apps stealing Apple ID credentials.

app store sale
An iPhone 6s phone (Pixabay)

There are lots of reasons why you should keep your Apple ID credentials a secret. For one, cybercriminals can use your password to purchase anything from the App Store. You don't want to see your wallet's history with unknown purchases, do you?

Security research Felix Krause has warned iOS device owners recently about two things that many may not have known. First, allowing app permission to use the camera can track GPS location and even take photos and videos without you knowing. Most recently, he has underscored that apps can also steal Apple ID credentials.

Also read: Major Wi-Fi security flaw affects all internet users in Singapore

According to Krause's blog post, any app has the ability to copy Apple's password dialogue as evidenced in a test he himself conducted using a counterfeit dialogue box. He explains, due to the frequency of Apple asking for passwords, some users could be desensitised by this and just enter their password whenever they are asked.

This is where the cybercriminals come in--they can always take advantage of that and use fake Apple password dialogue box to steal information. He notes that replicating Apple's dialogue box is very easy, that is why he refused to reveal the source code of the pop-up.

Below are the side-by-side comparison of genuine and fake dialogue boxes:

dialogue box phshing
A screenshot of pop-up comparison (Felix Krause/Krausefx)
dialogue box app/game
A screenshot of popup comparison for app/game (Felix Krause/Krausefx)
dialogue box phishing
A screenshot of comparison for email (Felix Krause/Krausefx)

Krause recommends using two-step verification to decrease the chances of criminals. He adds that iOS may be secure, users have to be purposeful in protecting themselves to avoid untoward circumstances in the future.

app store sale
An iPhone 6s phone (Pixabay)

There are lots of reasons why you should keep your Apple ID credentials a secret. For one, cybercriminals can use your password to purchase anything from the App Store. You don't want to see your wallet's history with unknown purchases, do you?

Security research Felix Krause has warned iOS device owners recently about two things that many may not have known. First, allowing app permission to use the camera can track GPS location and even take photos and videos without you knowing. Most recently, he has underscored that apps can also steal Apple ID credentials.

Also read: Major Wi-Fi security flaw affects all internet users in Singapore

According to Krause's blog post, any app has the ability to copy Apple's password dialogue as evidenced in a test he himself conducted using a counterfeit dialogue box. He explains, due to the frequency of Apple asking for passwords, some users could be desensitised by this and just enter their password whenever they are asked.

This is where the cybercriminals come in--they can always take advantage of that and use fake Apple password dialogue box to steal information. He notes that replicating Apple's dialogue box is very easy, that is why he refused to reveal the source code of the pop-up.

Below are the side-by-side comparison of genuine and fake dialogue boxes:

dialogue box phshing
A screenshot of pop-up comparison (Felix Krause/Krausefx)
dialogue box app/game
A screenshot of popup comparison for app/game (Felix Krause/Krausefx)
dialogue box phishing
A screenshot of comparison for email (Felix Krause/Krausefx)

Krause recommends using two-step verification to decrease the chances of criminals. He adds that iOS may be secure, users have to be purposeful in protecting themselves to avoid untoward circumstances in the future.

READ MORE