Researchers at Wandera who are involved in mobile security has warned against possible security vulnerability in iOS. This vulnerability is used by hackers to trick users and make them share their personal information like credit card information.
There are various ways through which the hackers can fool users and one of them is through a fake portal page that looks like Apple Pay interface and ask you questions. The iOS devices will by default try to gain access to SSID. SSID are transmitted through probe messages through device that is connected to that network.
The access point could be used as a probe request which can be captured easily. A pop can act like a web page or an app to make it look real. The attack by Wandera researchers were similar as they used the same probe messages to connect the mobile device similar to the Wi-Fi service pop ups that are displayed when we login to use web based service.
The login page look like Apple Pay screen which is used to put credit card information. The attack can be done on nearby customer or who is currently paying through Apple pay when they get a message of reenter those credit details again. This trick could not be used for fooling a lot of people as the fake page gets noticed with Login title bar.
This hack can be a great success at the places where a lot of people comes and uses Wi-Fi services. As in may be a number of details they can hack is low but the amount of money could e large. They use readily available technology and they focus on the areas where victims are most vulnerable like checkout of a login.
The most susceptible zone is IOS automatic connection and its captive portal pages. The researchers have suggested Google and Apple should study and adopting a secured warning message when showing captive portal pages to users, so that users exercise caution.
The researchers also suggested that users should also keep a check on applications that ask for inputting credit card info and other information. A response from Apple is also awaited as the screen shots and the apple pay interface look different and more to this apple pay never ask for any information related to credit card.
