Pay Close Attention To Your iOS Pop-Ups

Watch Out For These New iOS Pop-Ups That Want Your Apple ID

One small annoyance well-known to iOS users is the onslaught of pop-ups that appear when trying to do just about anything. They usually require users to enter their Apple ID before downloading a new app or buying something within an app. With how often they show up on a daily basis, most people just fill them out without thinking about it.

You might want think about it now, though.

Mobile app developer Felix Krause has found a vulnerability in iOS that allows someone to create a fake pop-up that looks identical to the real thing. These counterfeit pop-ups require less than 30 lines of code and can be attached to legitimate apps already on the app store. If you were to enter your Apple ID information into this pop-up, it would be sent straight to the hacker instead of Apple. This practice is known as phishing.

Krause has suggested that Apple should create a uniform look for all official iOS pop-ups. Then, make those pop-ups more unique so that they can’t be mimicked by apps.

How can you protect yourself?

Since these pop-ups look identical to the real thing, they can fool even a seasoned professional. However, there are a few things iOS users can do to protect themselves from theft.

When you see a pop-up asking you to enter your account information, try hitting the home button. If this closes the app and pop-up, it was probably a phishing attack. If the pop-up and app remain visible, then it is likely an official system dialog. Official pop-ups run on a different process and don’t come from within any app.

Another method to avoid this attack is to dismiss the pop-up by hitting cancel, then open the Settings app manually. You can then enter your credentials there. This is similar to never clicking on links in emails and instead typing the URL in yourself. Both practices are meant to avoid these phishing attacks.

Make sure you use the above methods before typing anything into the pop-ups. If you hit Cancel on the popup, the attacker already has whatever you have typed in. even if you haven’t hit OK yet.

(Image Source: iCLIPART)