News
News Categories

This iOS flaw could trick you into revealing your iCloud password

By Koh Wanzi - on 11 Jun 2015, 6:08pm

This iOS flaw could trick you into revealing your iCloud password

Dangerous HTML code embedded in incoming emails could call up spurious dialogue boxes that prompt you to reveal your iCloud log-in credentials. (Image Source: Ars Technica)

With all the attention surrounding software security flaws and backdoors these days, it’s easy to forget that sometimes the biggest security weakness is human fallibility. A Github researcher called “jansoucek” has discovered a flaw in iOS that can be exploited to trick users into giving up their iCloud passwords.

The latest version of iOS 8.3 apparently doesn't filter out some shady HTML code that could be embedded in incoming emails. No ultra-sophisticated hacks here, just some simple code that calls up a remote HTML form that looks identical to the iCloud log-in window. And if you fall for it and enter your iCloud username and password into the field and hit “OK”, that’s your iCloud account compromised right away.

Fortunately, there are ways to tell the fake form apart from the real one if you’re careful. For instance, the predictive keyboard mode apparently doesn’t turn off like it does with the real log-in dialogue box. The fake log-in window can also be dismissed by simply hitting the Home button on your iPhone, which wouldn’t have worked if it was the real deal.

These things may only be apparent to the eagle-eyed observer, and it’s slightly scary to think how easy it would be to give up your log-in credentials if you weren’t thinking. So watch out people, lest you get embroiled in your own iCloud hacking scandal, sans Jennifer Lawrence.

Source: Jansoucek via Engadget

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.