According to the findings of Felix Krause, a mobile app developer and founder of Fastlane, there is a flaw in iOS that is potentially dangerous for the security of users' passwords. In his blog post, Krause explained that cybercriminals could use pop-up dialog boxes to carry out phishing attacks, tricking an unsuspecting user into providing their Apple ID password. Phishing attacks are conducted to obtain sensitive data such as credit card numbers, passwords or private information, by stealing login data or infecting the device with malicious software.
To prove his findings, Krause developed a proof-of-concept showing that the security flaw does exist in iOS, and wrote that there is just one method of telling the fake pop-up from the authentic one: pressing the Home button. When this button is pressed, the fake pop-up dialog box closes automatically, along with the app in which it appeared. For instance, if the user was playing a game when the fake pop-up appeared, pressing the Home button closes both the game and the pop-up.
A genuine pop-up will not close when the Home button is pressed because it runs in an entirely different process, while the fake pop-up runs inside a standard app. Furthermore, the fake system pop-up was quite easy to create, taking just 30 lines of code.