Experts are warning iPhone users that malicious apps are trying to trick them into giving up their Apple ID and password. In a blog post, Felix Krause shows how easy it is for apps to replicate the Apple log-in pop-up which can be used to steal you credentials.
Many apps will ask you for your password when you try to access system settings or when you make a purchase. But, according to Krause, it is fairly simple for a developer to create an identical pop-up which could then transmit your Apple ID and password to third parties.
He offers some tips on how to find out if the pop-up is legitimate.
Hit the home button, and see if the app quits:
- If it closes the app, and with it the dialog, then this was a phishing attack
- If the dialog and the app are still visible, then it's a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.
He warns not to enter anything into the box, because even if you do not submit, the app still has the information you typed into the app.
Krause offers potential solutions, but it is up to Apple to make those changes. Until then, be careful when you see a pop-up asking for your password. If you are unsure as to why an app needs your log in information, it is better safe than sorry.
You can see other tips and find out more about this potential exploit on his blog.
Photo: Getty Images