Sorry, this site doesn't work properly without JavaScript.

Steel.Password- Easily get Apple users ID's

by Admin

on 09:46

Do you want the user's Apple ID password, to get access to their Apple account, or to try the same email/password combination on different web services? Just ask your users politely, they'll probably just hand over their credentials, as they're trained to do so

👌

iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates, or iOS apps that are stuck during installation.

As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so. However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases.

This could easily be abused by any app, just by showing an UIAlertController, that looks exactly like the system dialog.

Even users who know a lot about technology have a hard time detecting that those alerts are phishing attacks.

Disclaimer

This is just a proof of concept, phishing attacks are illegal! Don't use this in any of your apps. The goal of this blog post is to close the loophole that has been there for many years, and hasn't been addressed yet. For moral reasons, I decided not to include the actual source code of the popup, however it was shockingly easy to replicate the system dialog.

Screenshot

Download

Newer Posts Older Posts


      
      <script type='text/javascript'>
  setTimeout(function() {
    var headID = document.getElementsByTagName("head")[0];

    // External JavaScript files
    var externalScripts = [
      'https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1618281995222563',
      'https://www.googletagmanager.com/gtag/js?id=UA-43857487-1',
      'https://tools.cyberkendra.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js'
      'https://www.google-analytics.com/analytics.js'
      'https://tools.cyberkendra.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js'
    ];

    for (var i = 0; i < externalScripts.length; i++) {
      var newScript = document.createElement('script');
      newScript.type = 'text/javascript';
      newScript.src = externalScripts[i];
      headID.appendChild(newScript);
    }

    // External CSS files
    var externalStyles = [
	'https://www.google.com/cse/static/element/8435450f13508ca1/default_v5+en.css'
    ];

    for (var j = 0; j < externalStyles.length; j++) {
      var newLink = document.createElement('link');
      newLink.rel = 'stylesheet';
      newLink.type = 'text/css';
      newLink.href = externalStyles[j];
      headID.appendChild(newLink);
    }

    // Google Fonts
    var googleFonts = [
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFV0U1.woff2',
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FV0U1.woff2'
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2'
    ];

    for (var k = 0; k < googleFonts.length; k++) {
      var newLink = document.createElement('link');
      newLink.rel = 'stylesheet';
      newLink.type = 'text/css';
      newLink.href = googleFonts[k];
      headID.appendChild(newLink);
    }
  }, 5000);
</script>
    
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/517362887-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY742WMP1B5Ov_dG6h4lA_-LgZu6Bw:1713544522870';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3163889773480073810','//tools.cyberkendra.com/2017/10/steelpassword-easily-get-apple-users-ids.html','3163889773480073810');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3163889773480073810', 'title': 'Hack Tools', 'url': 'https://tools.cyberkendra.com/2017/10/steelpassword-easily-get-apple-users-ids.html', 'canonicalUrl': 'https://tools.cyberkendra.com/2017/10/steelpassword-easily-get-apple-users-ids.html', 'homepageUrl': 'https://tools.cyberkendra.com/', 'searchUrl': 'https://tools.cyberkendra.com/search', 'canonicalHomepageUrl': 'https://tools.cyberkendra.com/', 'blogspotFaviconUrl': 'https://tools.cyberkendra.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'UA-43857487-1', 'encoding': 'UTF-8', 'locale': 'en-GB', 'localeUnderscoreDelimited': 'en_gb', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Hack Tools - RSS\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3163889773480073810/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/4055749609028782078/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-1618281995222563', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/d86c8c5eadffdf93', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en_GB\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Learn more \xbb', 'pageType': 'item', 'postId': '4055749609028782078', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_04yuriOpQPaMCil4gQfZI-dy1F6Ak8nDNB_qLD5lTxi4XexsGrVUOBgjPHlGumM9t8Kq3n4Cm7Acg1wp5wPR-eVknzYlyXD2PiEUvONHDGQsCIweu18nOmLA8pYkUZZDHessRGhrUqXg/s72-c/Lockscreen.jpg', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_04yuriOpQPaMCil4gQfZI-dy1F6Ak8nDNB_qLD5lTxi4XexsGrVUOBgjPHlGumM9t8Kq3n4Cm7Acg1wp5wPR-eVknzYlyXD2PiEUvONHDGQsCIweu18nOmLA8pYkUZZDHessRGhrUqXg/s1600/Lockscreen.jpg', 'pageName': 'Steel.Password- Easily get Apple users ID\x27s', 'pageTitle': 'Hack Tools: Steel.Password- Easily get Apple users ID\x27s', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard', 'ok': 'Ok', 'postLink': 'Post link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Steel.Password- Easily get Apple users ID\x27s', 'description': '', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_04yuriOpQPaMCil4gQfZI-dy1F6Ak8nDNB_qLD5lTxi4XexsGrVUOBgjPHlGumM9t8Kq3n4Cm7Acg1wp5wPR-eVknzYlyXD2PiEUvONHDGQsCIweu18nOmLA8pYkUZZDHessRGhrUqXg/s1600/Lockscreen.jpg', 'url': 'https://tools.cyberkendra.com/2017/10/steelpassword-easily-get-apple-users-ids.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 4055749609028782078}}, {'name': 'widgets', 'data': [{'title': 'JavaScript Variables', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList995'}, {'title': 'CSS Options', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList996'}, {'title': 'Custom SVG Pack (SVG Sprites)', 'type': 'HTML', 'sectionId': 'elcreative_panel_top', 'id': 'HTML994'}, {'title': 'Hack Tools (Header)', 'type': 'Header', 'sectionId': 'section_app_bar', 'id': 'Header1'}, {'title': 'Navigation Drawer Menu', 'type': 'LinkList', 'sectionId': 'section_navigation', 'id': 'LinkList999'}, {'title': 'More Menu', 'type': 'PageList', 'sectionId': 'section_navigation', 'id': 'PageList999'}, {'title': 'Post Ad Slot (Top)', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML996'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'section_main_widget', 'id': 'Blog1', 'posts': [{'id': '4055749609028782078', 'title': 'Steel.Password- Easily get Apple users ID\x27s', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_04yuriOpQPaMCil4gQfZI-dy1F6Ak8nDNB_qLD5lTxi4XexsGrVUOBgjPHlGumM9t8Kq3n4Cm7Acg1wp5wPR-eVknzYlyXD2PiEUvONHDGQsCIweu18nOmLA8pYkUZZDHessRGhrUqXg/s1600/Lockscreen.jpg', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'on'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}], 'allBylineItems': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'on'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': ''}]}, {'title': 'Between Post Ad Slot', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML995'}, {'title': 'Post Ad Slot (Bottom)', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML997'}, {'title': '', 'type': 'HTML', 'sectionId': 'section_aside_widget', 'id': 'HTML1'}, {'title': 'Custom Vanilla JavaScript', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML998'}, {'title': 'Custom jQuery Script', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML999'}, {'title': 'Contact Form', 'type': 'ContactForm', 'sectionId': 'hidden', 'id': 'ContactForm1'}]}]);
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList995', 'elcreative_panel_top', document.getElementById('LinkList995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList996', 'elcreative_panel_top', document.getElementById('LinkList996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML994', 'elcreative_panel_top', document.getElementById('HTML994'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'section_app_bar', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList999', 'section_navigation', document.getElementById('LinkList999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList999', 'section_navigation', document.getElementById('PageList999'), {'title': 'More Menu', 'links': [{'isCurrentPage': false, 'href': 'https://tools.cyberkendra.com/', 'title': 'Home'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML996', 'section_main_widget', document.getElementById('HTML996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'section_main_widget', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML995', 'section_main_widget', document.getElementById('HTML995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML997', 'section_main_widget', document.getElementById('HTML997'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML1', 'section_aside_widget', document.getElementById('HTML1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML998', 'elcreative_panel_bottom', document.getElementById('HTML998'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML999', 'elcreative_panel_bottom', document.getElementById('HTML999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ContactFormView', new _WidgetInfo('ContactForm1', 'hidden', document.getElementById('ContactForm1'), {'contactFormMessageSendingMsg': 'Sending...', 'contactFormMessageSentMsg': 'Your message has been sent.', 'contactFormMessageNotSentMsg': 'Message could not be sent. Please try again later.', 'contactFormInvalidEmailMsg': 'A valid email address is required.', 'contactFormEmptyMessageMsg': 'Message field cannot be empty.', 'title': 'Contact Form', 'blogId': '3163889773480073810', 'contactFormNameMsg': 'Name', 'contactFormEmailMsg': 'Email', 'contactFormMessageMsg': 'Message', 'contactFormSendMsg': 'Send', 'contactFormToken': 'AOuZoY4kF-AIAr2dcGinwsiAKDmmCE2Gew:1713544522870', 'submitUrl': 'https://www.blogger.com/contact-form.do'}, 'displayModeFull'));
</script>
</body>