Beware of iCloud login prompts: A new security flaw lets hackers steal your info

iPhone icloud
Apple’s mobile operating system iOS has a reputation for being more secure than Android, but recently, it seems that more hackers are targeting iPhone and iPad users. A GitHub user by the name of Jansouceket discovered yet another iOS vulnerability back in January and reported it to Apple. The friendly hacker demonstrated how an attack code can be used in the Mail app to steal users’ iCloud logins and other sensitive information.

Apparently, ever since Apple released iOS 8.3 in early April, the Mail app has stopped removing potentially dangerous HTML code from the emails users receive. One tag instructs the Mail app to download and execute code remotely. The command then brings up a form box, which mimics the appearance of an iCloud log in request box. If the user logs in, the hacker can then steal his or her iCloud account user name and password. With these two pieces of information, the hacker can steal other personal information stored in iCloud.

“This bug allows remote HTML content to be loaded, replacing the content of the original email message,” Jansoucek wrote. “JavaScript is disabled in this UIWebView, but it is still possible to build a functional password ‘collector’ using simple HTML and CSS [cascading style sheets].”

To make matters worse, the vulnerability places a tracking cookie in the Mail app, so that the code doesn’t execute the same command every time the infected email is opened in the app. That way, the user doesn’t get suspicious of the message or notice the link between that specific email and the iCloud login prompt. Additionally, the hacker can change the code at any time to access different information.

Luckily, there is a trick iOS users can employ to protect themselves from the hack. Although the malicious code does a pretty good imitation of the iCloud login box, it isn’t perfect. First off, the box asks for both your Apple ID and your password, while iCloud typically asks for only your password and already displays your user name. Secondly, the box isn’t modal, so the background doesn’t fade and the screen isn’t static when the prompt comes up. Additionally, keyboard suggestions remain activated, which is something that never happens when you receive an iCloud prompt on iOS.

Of course, these differences are subtle, and many won’t notice them. Apple has yet to respond, but hopefully the patch will come soon. Until then, the next time you see an iCloud login request, check for these telltale signs to ensure that you’re not being hacked.


Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites

A 20-year-old security flaw in the design of the Wi-Fi standard and how computers communicate using the transmission control protocol could allow hackers to perform a web cache poisoning attack to steal your data and login information.

Need a do-over? Here's how to factory reset an iPhone, from XS on down

Resetting an iPhone can alleviate all sorts of software woes, and wipe away personal data should you sell your device or give it to someone else. Here's how to factory reset an iPhone from within iOS or iTunes.

Newegg was cracked, customer data has leaked, and security is clearly scrambled

Online electronics retailer Newegg has found themselves at the heart of an online security breach as the company's payment system was breached, giving hackers of the notorious group, Magecart, potential access to confidential customer data…

Google Maps is available on Apple CarPlay with iOS 12

After months of betas, the final version of iOS 12 is here to download. The new OS comes along with tons of new capabilities from grouped notifications to Siri Shortcuts, here are all the features you'll find in iOS 12.

Smart Reply not smart enough? Desktop Gmail users can soon opt out

Google will soon give desktop Gmail users the ability to opt out of Smart Reply. If you'd prefer to compose a short email the old-fashioned way, you can do so without seeing the auto-generated suggestions in the future.
Social Media

Instagram feature that lets you reshare others’ posts may be on its way

Despite constant calls from many of its billion-plus users, Instagram has always refused to offer an option that lets Instagrammers reshare others' posts that appear on their feed. New reports suggest this could be about to change.

Huawei is not-so-subtly trolling Friday’s iPhone launch

Apple launches the iPhone XS range to the public on Friday, but Huawei is out in force to remind the public what they could be missing out on (Hint: It's the Mate 20 Pro) by choosing Apple's latest smartphone.

The iPhone XS and XS Max are now available -- here's how to get them

After months of rumors and speculation, Apple has finally taken the wraps off of the new iPhone XS, iPhone XS Max, and iPhone XR. Now that the phones are out, you might be wondering how you can get them for yourself.

The Apple Watch Series 4 is now available -- here's where to buy it

The new Apple Watch Series 4 is here. Besides the Apple store, the company's next-generation smartwatch is be available for purchase through all four major carriers. Here's where you can get yours.

How to buy the iPhone XS, iPhone XS Max, and iPhone XR in the U.K.

The new iPhone range is here, and it consists of three models: The iPhone XS, the iPhone XS Max, and the iPhone XR. You can buy the iPhone XS and XS Max in the United Kingdom now, so here's our guide on where to buy one.

Audio company Bragi is suing OnePlus over the word 'dash'

Despite taking steps to change to "Warp Charge," OnePlus is being sued by audio company Bragi over the phone manufacturer's continued use of the word "dash" in the Dash Charging used in OnePlus phones.

The best weather apps for Android will keep you dry no matter where you go

You may not be able to change the weather, but you can at least be prepared for it. Check out our guide to the best weather apps for Android, so you'll always know what to expect when you step out the front door.

Android 9.0 Pie is finally rolling out to the OnePlus 6

Android 9.0 Pie has been released. But is your phone getting Android 9.0 Pie, and if so, when? We've done the hard work and asked every device manufacturer to see when their devices would be getting the update.

Keep the iPhone XS display crack-free with these screen protectors

Apple might have proclaimed the iPhone XS's glass as being its most durable ever, but that's not going to stop you from wincing if you drop your phone. Stay protected with the best iPhone XS screen protectors.