iOS Users Can Be Easily Tricked Into Revealing Their Apple ID Password: Report

Advertisement
By Gadgets 360 Staff | Updated: 11 October 2017 11:44 IST
Highlights
  • There is a potential design flaw in iOS
  • The system-level password dialog box can be easily replicated by an app
  • Apple hasn't addressed the matter yet

There is a potential design flaw in iOS, Apple's mobile operating system, that allows any developer to recreate a genuine-looking password pop-up menu in their apps, as per s security researcher. The problem? iOS users are accustomed to seeing that pop-up menu at random times, a fact that a rogue developer could abuse. Since there is no way to tell the password dialog created by an app from the system-level pop-up, a user can easily be tricked into sharing their most sensitive information with the fraudulent agent thanks to the spoofing.

The flaw, which has existed for years, was spotted by Felix Krause, an iOS developer. According to Krause, it is very easy to replicate the dialog box. On its part, Apple has over the years done a poor job with how it asks users to interact with the dialog box. Users are used to seeing the box at random hours and entering their details, he said.

Spot the difference. There isn't one.
Photo Credit: Felix Krause

Advertisement

There is no evidence that a developer has ever tried to abuse this flaw, but one can't really tell even if it has happened. The only company that may have some information is Apple, which as usual remains tightlipped. "It is concerning to think that is all it would take to display a convincing dialog," Will Strafach, an iOS hacker and developer, tweeted.

Advertisement

"It's long past time that Apple removes the random password popups that plague iOS. They're a security flaw that should not exist in 2017," Marco Arment, a prominent iOS developer tweeted. "I'm sure whoever's responsible for them has some reasons they think are good for why they need to be there. They're not, and they don't."

As we wait for Apple to do something, Krause has found a stopgap solution that users can use to know when the password dialog they are seeing is genuine. Hit the home button. If it's a system-level dialog, it will stick around. If it's generated by an app, it would go away.

Advertisement

Additionally, "always close the dialog, and open the iCloud settings manually, and only enter [the password] there," Krause said.

 
Post your comments

Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.

Further reading: iOS, Security, Mobiles, Apple
OnePlus Said to Be Collecting Unanonymised User Data, Company Responds
Advertisement

Related Stories

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. CNAP vs Truecaller: Which Is Better at Identifying Spam Calls?
  2. Samsung Galaxy S26 Series Roundup: Everything That We Know So Far
  3. Samsung Could Offer Galaxy S26 Series at the Same Price as Last Year
  4. LED Video Walls to Power ViewSonic India's Rs. 500 Crore Growth Ambition for 2026
#Latest Stories
  1. BSNL Launches Wi-Fi Calling Service Across All Circles in India for Improved Connectivity
  2. Samsung Galaxy S26, Galaxy Z Fold 8 to Reportedly Evade Price Hike Amid RAM Shortage; Launch Date Tipped
  3. Quantum Haloscope Sharpens the Search for Dark Matter Axions at Higher Frequencies
  4. Rare Interstellar Object 3I/ATLAS Fails Alien Test, Scientists Say
  5. CNAP vs Truecaller: How India’s Official Caller ID System Differs From the Popular App
  6. Prayagraj Ki Love Story Set to Stream Soon on Hungama OTT
  7. Mask OTT Release Date: When and Where to Watch This Action-Packed Thriller Online?
  8. New Year 2026 Custom Greetings: 5 Best AI Prompts for ChatGPT, Gemini, and Other AI Tools
  9. NASA’s Chandra Spots Champagne Cluster Formed by a Massive Galaxy Collision
  10. NASA’s Curiosity Rover Sends Stunning Sunrise-and-Sunset Holiday Postcard from Mars
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.