Beware: a simple trick iPhone and iPad will make you provide the password hackers

Typically, hackers want to take over your accounts, they need to look for hidden security vulnerabilities or Untitleddeveloping complex code. But sometimes, all they have to do is be a little creative to get the details are sensitive and our most important.
You press OK? The name and password were force
The security hole is found in any iPhone or iPad version 8.3 security researcher discovered a Czech named Jan Sotz’k and published a ArsTechnica. The investigator found the new operating system Apple is unable to identify and block email messages posing as system messages. Therefore, a simple email message that comes to you can make you provide the user name and the password of your iCloud all valid. The attack is carried out using simple HTML code that emulates the dialogue box or an entrance (Login) of the iCloud service. Unsuspecting users mistakenly think that this is a standard system message, type the e-mail and password, click OK and did not know that at this moment they submit the details of their access to a remote server.
Sotz’k even created a demo (POC) of the hole and put the malicious code to GitHub. Czech researcher explained that the bug report to Apple in January this year, however, who has not been a response, he decided to publish this security hole.
It is important to emphasize that, unlike phishing messages (phishing, phishing) entice you to click on a specific link leading to the site was like, this security hole allows attackers to send an email message automatically boosts, without the user’s clicking, so the message also look quite authentic. In addition, it is important to remember that in iOS, it is quite common to encounter a dialogue box that asks your name and password to iCloud, as usually done after any app updated or after the server connection.
Until Apple releases a new update of its operating system, our recommendation is to make sure to use two-step authentication (Two Step Verification). Thus, even if the attackers will get your password and try to connect to the service on your behalf, Apple’s servers recognize that an unfamiliar computer and require them to type the resulting code to your smartphone.
Video: So you could steal your password

Leave a Reply

Your email address will not be published. Required fields are marked *