While Apple’s iOS software has many great features, it is not perfect by any stretch.
One of those less-than-perfect examples is that sometimes you will get an awful lot of iCloud or iTunes Store login pop-ups. We all know the ones: they appear after we’ve updated our phones and seemingly won’t disappear until we’ve entered the right password.
Well, now a mobile app developer has discovered that it is shockingly easy to recreate these login boxes and then trick users into handing over their email and password.
In a blog post, Felix Krause shows how you can create a fake login box that looks pretty much identical to the official Apple login box.
Comparing the two side by side, there’s no way that a person would be able to tell them apart.
In creating the fake login box, Krause called the whole process “shockingly easy” while pointing out that it perfectly capitalises on a now almost subconscious action that we all perform.
These boxes appear so often that it has just become second nature for many of us to fill them in without thinking just to get them to disappear.
So how do we protect against these?
As Krause points out, there are a number of reasons why you’re very, very unlikely to ever encounter a fake login box.
For starters, they have to be built into the app, which means getting it past Apple’s very strict approval process. Secondly, you would need to have downloaded a malicious app, which in turn can be avoided through some checking of the app’s permissions etc.
Most important, though, is activating two-factor authentication.
This simple security addition adds an extra step to the login process, asking you to input a number either sent to another Apple device or sent over in the form of a text message.
Finally, and this is perhaps the simplest test of all, Krause recommends just pressing the Home button on your iPhone or iPad. If the login screen disappears, then it’s likely that it’s a fake. If it stays, however, then it’s probably an official login box from Apple.