How to: Avoid pass­word­prompt­ing phish­ing scams

Glenn Fleish­man ex­plains how to evade ma­li­cious scams

iPad&iPhone user - - HOW TO -

Un­for­tu­nately, it’s easy for an app de­vel­oper with ma­li­cious in­tent to cre­ate a pop-up di­a­log in iOS that ex­actly re­sem­bles a sys­tem-level mes­sage prompt­ing for a pass­word. Felix Krause, like other iOS de­vel­op­ers and se­cu­rity ad­vo­cates, have taken is­sue with this for years. Krause is the founder of fast­lane, a project de­signed to speed app re­lease by au­tomat­ing all the app-store meta­data and re­quired el­e­ments.

His post on 10 Oc­to­ber re­ceived due at­ten­tion, be­cause he cre­ated vi­su­al­iza­tions of a user in­ter­face prob­lem Ap­ple needs to tackle. Few ma­li­cious apps make their way to the App Store, and they’re usu­ally stopped be­fore they can do much or any harm. How­ever, an at­tacker who sub­verted an app’s in­ter­nal repos­i­to­ries and was able to insert code could do just as much harm as an app de­signed to phish in­ten­tion­ally.

Here’s how to avoid be­ing suck­ered into one of th­ese fake pass­word prompts in a ma­li­cious app: Don’t en­ter your pass­word into a pop-up that ap­pears while you’re us­ing a third-party app Press the Home but­ton. If iOS re­turns you to the home screen and the pass­word di­a­log dis­ap­pears, then the app gen­er­ated the pop-up If so, re­port this to Ap­ple im­me­di­ately and unin­stall the app Krause ad­vises go­ing di­rectly to the Set­tings app to en­ter pass­words that the sys­tem re­quests.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.