Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizens Wu Yanzu, mahonato, grass Luo Yuzi for the clue delivery! CTOnews.com July 25 news, yesterday, the programmer community V2EX appeared a popular post, user airycanon said his family's iPhone turned on Apple ID double authentication, but was still cheated by phishing.

It is said that his family downloaded a menu class App on App Store and logged in with Apple ID authorization, and then the App popped up a password input box, and the account information was fraudulently obtained after entering the password, and there was no double authentication pop-up window in the whole process.

According to tests by the blogger @ BugOS technology group, applications in trusted devices pull up hidden WebView to access appleid.apple.com without double authentication, a major loophole that allows users to log in with a sweep of face. The App uses a fake dialog box to swindle the password, and then adds the fraudster's mobile phone number to the double authentication trust number, directly remotely erasing the device, so that the user can not receive the deduction information and carry out illegal swiping.

Judging from the whole principle, this method is indeed hidden and difficult to defend, and it is not clear when Apple will fix the loophole. Blogger @ BugOS said that when a window for entering an Apple ID password appears on iPhone, pressing the Home key or making a gesture to try to quit is a fraud. CTOnews.com partners can temporarily use this method as a response.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.