Beware of your personal info: Hackers found a loophole in iCloud’s security
Apple’s reputation of being more secure as compared to Android might not be the same again. Recently, hackers seem to have been attacking iPhone and iPad users. Jansouceket, a GitHub user, discovered the vulnerability in the iOS since January and lately reported it to Apple. Jansouceket is a white hacker that demonstrated how an attack code could be used in the devices Mail app to penetrate confidential information, including iCloud login prompt.
This early April 2015, since Apple released iOS 8.3, the systems, Mail App stopped preventing dangerous HTML code for the email recipients. One of those lines instructs the Mail app to execute a code remotely. The code commands your computer to produce a form box that mimics the iCloud login form. If the user without any suspicion tries to login, then they are welcoming hackers to start phishing information from what they will acquire from the users login information on the fake iCloud form and they will be able to get more information from the users real iCloud account.
[wpbeautify-video src=”https://www.youtube.com/watch?v=9wiMG-oqKf0″ skin=”skin5″ width=”700″ autoplay=”true”]
However, there is a way to be extra cautious to this attacks. Firstly, the box asks for both your Apple ID and password while the real iCloud only ask for your password since your username is already being displayed. Second of all, the box shouldn’t be a modal, so if users were completely familiar with the real iCloud, they would not fall for this kind of trap. Now we know that the attack is not that perfect. Therefore, this kind of situation can be avoided by being aware and cautious when using the Email app.
Overall, this differences will not be easily noticed at the first time. But being aware of the signs right now could help avoid similar situations that may arise in the future.